Bugtraq mailing list archives

Re: Novell BorderManager 3.0 EE - Encoded URL rule bypass


From: tbehling () MONARCHIS NET (Ted Behling)
Date: Thu, 6 Jul 2000 12:31:30 -0400


At 12:23 PM 07/05/2000 +0100, Kevin R Smith wrote:
> I suspect that this has already been defined, but I cannot find any
> reference to it.
>
> Setting secure areas on an intranet secured by URL rules within
> bordermanager can be bypassed by changing some of the characters in the URL
> with %-encoded triplets.  To access http://home.myintranet.com/secure use
> http://home.myintranet.com/s%45cure

Thanks for the post.  To add to your great work, I have a slight
correction.  %45 is a capital E, so that URL would return a 404 if the
intranet server is case sensitive.  %65 would generate a lowercase e.  You
might want to re-test with the proper case, as BM's filters may or may not
be case sensitive.

--------------------------------------------
Ted Behling, E-Commerce Consultant
Monarch Information Systems
43 Folly Field Road, Unit 4
Hilton Head Island, SC 29928-5434

mailto:tbehling () monarchis net
http://www.monarchis.net
Toll-free Phone & Fax: 1-800-842-7894
Local or Outside the USA: 1-843-842-7894
--------------------------------------------
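
The two points in this thread (rule matching on the raw URL, and %45 versus %65) can be checked with a small filter model. This is an added example, not code from either poster or from BorderManager; the rule list and function names are hypothetical, and the URLs are the ones quoted in the thread.

```python
from urllib.parse import urlsplit, unquote

# Constructed deny rule mirroring the path used in the thread.
PROTECTED_PREFIXES = ["/secure"]


def _matches(path, case_sensitive=True):
    """True if path equals a protected prefix or sits beneath it."""
    if not case_sensitive:
        path = path.lower()
    for prefix in PROTECTED_PREFIXES:
        rule = prefix if case_sensitive else prefix.lower()
        if path == rule or path.startswith(rule + "/"):
            return True
    return False


def naive_blocked(url):
    """Flawed check: compares the rule with the still-encoded path."""
    return _matches(urlsplit(url).path)


def blocked(url, case_sensitive=True):
    """Hardened check: decode %XX triplets first, then compare.

    case_sensitive should follow the origin server: if the server treats
    /sEcure and /secure as the same resource, the filter must as well.
    """
    return _matches(unquote(urlsplit(url).path), case_sensitive)


if __name__ == "__main__":
    base = "http://home.myintranet.com"
    for path in ("/secure", "/s%65cure", "/s%45cure"):
        url = base + path
        print(path,
              "naive:", naive_blocked(url),
              "decoded:", blocked(url),
              "decoded+nocase:", blocked(url, case_sensitive=False))
```

With decoding alone, `/s%65cure` is caught but `/s%45cure` (which decodes to `/sEcure`) only matches when the comparison is case-insensitive, which is the distinction raised in the reply above.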

