lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060716105041.15288.qmail@securityfocus.com> Date: 16 Jul 2006 10:50:41 -0000 From: medozero@...oo.com To: bugtraq@...urityfocus.com Subject: Re: Bybass HTTP ( extension files ) in ISA 2004 well for those who didnot get it it is like this make a rule in ISA and in the role make the source is internal network and the destination is external now configure the HTTP policy to block specific extension like zip ok now test it try to download any file.zip y0 will have that ISA will prevent y0 from downloading it > now try to add # to the end of the file like file.zip# and see what will happen . If y0 have any comment on this plz reply . and for some ppl who think this is a scripkeddies thing it is not as it is a bug as i see it .