Bugtraq mailing list archives
Re: Novell BorderManager 3.0 EE - Encoded URL rule bypass
From: tbehling () MONARCHIS NET (Ted Behling)
Date: Thu, 6 Jul 2000 12:31:30 -0400
At 12:23 PM 07/05/2000 +0100, Kevin R Smith wrote:
> I suspect that this has already been defined, but I cannot find any
> reference to it.
>
> Setting secure areas on an intranet secured by URL rules within
> BorderManager can be bypassed by changing some of the characters in the
> URL with %-encoded triplets.
>
> To access http://home.myintranet.com/secure
> use http://home.myintranet.com/s%45cure

Thanks for the post. To add to your great work, I have a slight correction. %45 is a capital E, so that URL would return a 404 if the intranet server is case sensitive. %65 would generate a lowercase e. You might want to re-test with the proper case, as BM's filters may or may not be case sensitive.

--------------------------------------------
Ted Behling, E-Commerce Consultant
Monarch Information Systems
43 Folly Field Road, Unit 4
Hilton Head Island, SC 29928-5434
mailto:tbehling () monarchis net
http://www.monarchis.net
Toll-free Phone & Fax: 1-800-842-7894
Local or Outside the USA: 1-843-842-7894
--------------------------------------------
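
The encoding and case points raised in this message, seen from the filter's side, as an added example that is not part of the original posts and is not BorderManager code: a deny rule matched against the raw request path compared with one matched after decoding %XX triplets. The rule list, the function names and the origin_case_insensitive switch are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

# Hypothetical deny rule modelled on the URL used in the thread.
DENY_PREFIXES = ["/secure"]


def _matches(path, prefixes):
    """True if path is a denied prefix or lies below one (segment boundary)."""
    return any(path == p or path.startswith(p + "/") for p in prefixes)


def naive_blocked(url):
    """Weak form: compare the raw, still-encoded path with the rules."""
    return _matches(urlsplit(url).path, DENY_PREFIXES)


def blocked(url, origin_case_insensitive=False):
    """Hardened form: decode %XX triplets first, so the filter compares the
    same path the origin server will resolve. Fold case only when the origin
    server treats /sEcure and /secure as the same resource."""
    path = unquote(urlsplit(url).path)
    prefixes = DENY_PREFIXES
    if origin_case_insensitive:
        path = path.lower()
        prefixes = [p.lower() for p in DENY_PREFIXES]
    return _matches(path, prefixes)


if __name__ == "__main__":
    # Constructed sample requests: the thread's URL, its %45 variant
    # (capital E) and the %65 variant (lowercase e).
    samples = [
        "http://home.myintranet.com/secure",
        "http://home.myintranet.com/s%45cure",
        "http://home.myintranet.com/s%65cure",
    ]
    for url in samples:
        print(url,
              "naive:", naive_blocked(url),
              "decoded:", blocked(url),
              "decoded+casefold:", blocked(url, origin_case_insensitive=True))
```

With a case-sensitive origin server the %45 form decodes to /sEcure, a different resource, so leaving it unblocked there is correct; the %65 form decodes to the protected path itself and must be denied.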