IDS mailing list archives
UTF-16 and premature request ending evasion
From: "Cox, Michael" <mscox () ti com>
Date: Tue, 28 Jan 2003 09:25:23 -0600
Can anyone give me an example of a webserver that will respond to UTF-16 (%HH%HH) encoding or the "Premature request ending" tactic outlined in RFP's paper (respond with something other than an error, I mean, for all you wise guys out there :-)? How prevalent is susceptibility to these two techniques in particular (in terms of the web server not the IDS)? Thanks! Michael
Current thread:
- UTF-16 and premature request ending evasion Cox, Michael (Jan 28)