WebApp Sec mailing list archives
RE: Double Slashes
From: "Kyle Quest" <Kyle.Quest () networkengines com>
Date: Fri, 5 Aug 2005 09:28:00 -0400
This IIS has no URLScan running. That's the odd thing. Therefore I think it may have been a patch or something.
What I need is a way that the server doesn't strip my slashes and let me send an url like this "www.example.com/dir//page.asp".
The second slash is stripped by IIS itself as part of the normalization process. You will not be able to change this behavior. You have two options: 1. Change this silly application that relies on the extra slash (the preffered solution). 2. Create a hack to get the URI before IIS normalizes it... writing an ISAPI filter or some similar... Kyle
Current thread:
- Double Slashes Andres Molinetti (Aug 04)
- <Possible follow-ups>
- RE: Double Slashes Jeff Robertson (Aug 04)
- RE: Double Slashes Auri Rahimzadeh (Aug 04)
- RE: Double Slashes Andres Molinetti (Aug 04)
- RE: Double Slashes Jeff Robertson (Aug 04)
- RE: Double Slashes Andres Molinetti (Aug 04)
- RE: Double Slashes Auri Rahimzadeh (Aug 04)
- RE: Double Slashes Auri Rahimzadeh (Aug 04)
- Re: Double Slashes Steven M. Christey (Aug 04)
- RE: Double Slashes Kyle Quest (Aug 05)