lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060716105041.15288.qmail@securityfocus.com>
Date: 16 Jul 2006 10:50:41 -0000
From: medozero@...oo.com
To: bugtraq@...urityfocus.com
Subject: Re: Bybass HTTP ( extension files ) in ISA 2004

well for those who didnot get it it is like this 
make a rule in ISA and in the role make the source is internal network and the destination is external now configure the HTTP policy to block specific extension like zip ok now test it try to download any file.zip y0 will have that ISA will prevent y0 from downloading it > now try to add # to the end of the file like file.zip# and see what will happen . If y0 have any comment on this plz reply . and for some ppl who think this is a scripkeddies thing it is not as it is a bug as i see it . 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ