Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq: Bybass HTTP ( extension files ) in ISA 2004

Bybass HTTP ( extension files ) in ISA 2004

From: <medozero_at_yahoo.com>
Date: 15 Jul 2006 14:47:18 -0000

('binary' encoding is not supported, stored as-is) hi ppl i just discover a bug in Microsoft Internet Security and Acceleration (ISA) Server which make you able to Bybass HTTP ( extension files ) just add # to the end of the file extension
ex: www.site.com/file.zip#
that will make you bybass the filter rule if the admin prevent you from downlaoding the extension zip
Copyright MedoZero 2006
Received on Jul 15 2006

This message: [ Message body ]
Next message: naveed: "MS Power Point Multiple Vulnerabilities (powerpnt.exe)- POC"
Previous message: Hugo van der Kooij: "Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround"
Next in thread: Thor (Hammer of God): "Re: Bybass HTTP ( extension files ) in ISA 2004"
Reply: Thor (Hammer of God): "Re: Bybass HTTP ( extension files ) in ISA 2004"
Maybe reply: Edward Tripovich: "RE: Bybass HTTP ( extension files ) in ISA 2004"
Maybe reply: medozero_at_yahoo.com: "Re: Bybass HTTP ( extension files ) in ISA 2004"
Maybe reply: medozero_at_yahoo.com: "Re: Bybass HTTP ( extension files ) in ISA 2004"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]