Penetration Testing mailing list archives

re: IDS and Unicode


From: Blurred Vision <blurred_visi0n () yahoo com au>
Date: Tue, 29 May 2001 11:36:33 +1000 (EST)

Parth,
   I think you will find that IIS doesn't log the
Unicode values, as they are translated into plain
ASCII before being processed (and then logged).

The IIS logfile for the /..%c0%af../ original Unicode
is logged as /../../

I think the same would go for cmd.exe in the log file.
Checking for Unicode variants would only work if you
were performing on-the-wire monitoring (which is
ineffective on an SSL site anyway...).

Blurred
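
The difference described in the message above, as an added example that is not part of the original post: an overlong UTF-8 check finds the encoded sequence in the raw request target seen on the wire but finds nothing in the decoded form written to the log. The function names and the benign `/caf%c3%a9/menu.html` sample are constructed for illustration; the other two sample strings are the ones quoted in the message.

```python
from urllib.parse import unquote_to_bytes

# Smallest code point that legitimately needs an n-byte UTF-8 sequence.
MIN_CODE_POINT = {2: 0x80, 3: 0x800, 4: 0x10000}

def find_overlong(raw_target):
    """Return (hex_bytes, char) for each overlong UTF-8 sequence in a raw,
    still percent-encoded request target as captured on the wire."""
    data = unquote_to_bytes(raw_target)
    hits, i = [], 0
    while i < len(data):
        lead = data[i]
        if lead & 0xE0 == 0xC0:
            n = 2
        elif lead & 0xF0 == 0xE0:
            n = 3
        elif lead & 0xF8 == 0xF0:
            n = 4
        else:               # ASCII byte or stray continuation byte
            i += 1
            continue
        tail = data[i + 1:i + n]
        if len(tail) != n - 1 or any(t & 0xC0 != 0x80 for t in tail):
            i += 1          # truncated or malformed sequence, skip the lead
            continue
        cp = lead & (0xFF >> (n + 1))       # payload bits of the lead byte
        for t in tail:
            cp = (cp << 6) | (t & 0x3F)     # six payload bits per tail byte
        if cp < MIN_CODE_POINT[n]:          # a shorter encoding exists
            hits.append((data[i:i + n].hex(), chr(cp)))
        i += n
    return hits

def has_dot_dot(path):
    """Check an already decoded path (as found in a log) for '..' segments."""
    return ".." in path.split("/")

WIRE = "/..%c0%af../"    # request target as quoted in the message
LOGGED = "/../../"       # the same request as the message says it is logged

if __name__ == "__main__":
    print("wire  :", find_overlong(WIRE))
    print("logged:", find_overlong(LOGGED), "dot-dot:", has_dot_dot(LOGGED))
```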
