Subject: Novell BorderManager 3.0 EE - Encoded URL rule bypass
From: Kevin R Smith (Kevin.Smith FIRSTDATACORP.CO.UK)
Date: Wed Jul 05 2000 - 06:23:12 CDT
I suspect that this has already been defined, but I cannot find any reference to it.
Setting secure areas on an intranet secured by URL rules within BorderManager can be bypassed by changing some of the characters in the URL with %-encoded triplets. To access http://home.myintranet.com/secure use http://home.myintranet.com/s%45cure
It doesn't work for characters in the main domain name, but sub-folders seem to work ok.
I haven't seen any mention of this in any TIDs or service packs for BM, so I assume the fault carries over into version 3.5?
Regards,
Kevin R Smith
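
Added example (not part of the original message and not BorderManager code): a Python comparison of a URL rule check that matches the raw request path with one that canonicalizes the path before matching, using the URLs from the post above. The rule table, the function names and the case-insensitive comparison (`%45` decodes to "E", so the post's URL decodes to `/sEcure`) are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote
import posixpath

# Constructed deny rule (assumption): block everything under /secure on this host.
DENY_RULES = [("home.myintranet.com", "/secure")]

def naive_is_denied(url):
    """Match the rule against the raw path, so /s%45cure is not recognized."""
    parts = urlsplit(url)
    return any(parts.hostname == host and parts.path.startswith(prefix)
               for host, prefix in DENY_RULES)

def canonical_path(raw_path, max_rounds=5):
    """Decode %XX triplets until stable, resolve dot segments, fold case."""
    path = raw_path
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        # Still changing after max_rounds: treat as hostile input.
        raise ValueError("path not stable after repeated decoding")
    # Collapse leading slashes and resolve "." and ".." segments.
    path = posixpath.normpath("/" + path.lstrip("/"))
    # Assumption: the origin server resolves paths case-insensitively.
    return path.lower()

def is_denied(url):
    """Match the rule against the canonical path; fail closed on odd input."""
    parts = urlsplit(url)
    try:
        path = canonical_path(parts.path)
    except ValueError:
        return True
    host = (parts.hostname or "").lower()
    # Match on a segment boundary so /securely is not caught by /secure.
    return any(host == h and (path == p or path.startswith(p + "/"))
               for h, p in DENY_RULES)

if __name__ == "__main__":
    for u in ("http://home.myintranet.com/secure",
              "http://home.myintranet.com/s%45cure",
              "http://home.myintranet.com/s%2545cure",
              "http://home.myintranet.com/public"):
        print(u, "raw:", naive_is_denied(u), "canonical:", is_denied(u))
```

The request forwarded upstream should be the same canonical form that was checked, so the rule engine and the origin server cannot disagree about which resource is being asked for.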