Bugtraq mailing list archives
RE: Bybass HTTP ( extension files ) in ISA 2004
From: "Edward Tripovich" <edward.tripovich () hotmail com>
Date: Mon, 17 Jul 2006 19:33:05 +0200
Tested this on ISA 2004. I cannot reproduce this. The ISA server blocks a given extension, with or without the # at the end of the file extension.
Special config maybe? Edward medozero () yahoo com schreef:
hi ppl i just discover a bug in Microsoft Internet Security and Acceleration (ISA) Server which make you able to Bybass HTTP ( extension files ) just add # to the end of the file extensionex: www.site.com/file.zip#that will make you bybass the filter rule if the admin prevent you from downlaoding the extension zipCopyright MedoZero 2006
_________________________________________________________________Bellen met Messenger? Download nu Windows Live Messenger beta! http://imagine-msn.com/messenger/launch80/default.aspx?locale=nl-nl
Current thread:
- Bybass HTTP ( extension files ) in ISA 2004 medozero (Jul 15)
- Re: Bybass HTTP ( extension files ) in ISA 2004 Thor (Hammer of God) (Jul 17)
- <Possible follow-ups>
- RE: Bybass HTTP ( extension files ) in ISA 2004 Edward Tripovich (Jul 17)
- Re: Bybass HTTP ( extension files ) in ISA 2004 medozero (Jul 18)
- Re: Bybass HTTP ( extension files ) in ISA 2004 Thor (Hammer of God) (Jul 19)
- Re: Bybass HTTP ( extension files ) in ISA 2004 medozero (Jul 18)