abort_invalid_hex ???
Results 1 to 2 of 2

Thread: abort_invalid_hex ???

  1. #1
    Junior Member
    Join Date
    Aug 2004
    Posts
    12

    abort_invalid_hex ???

    how a attacker abuse from abort_invalid_hex option in snort?
    for example if he send invalid hex (%0J) what happen ?
    do web server accept it?

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Yes, some webservers do accept it. It could be abused to circumvent input filtering, thwart IDS, obfuscate urls etc.

    http://www.securityfocus.com/bid/886/discussion/
    Oliver's Law:
    Experience is something you don't get until just after you need it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •