how a attacker abuse from abort_invalid_hex option in snort?
for example if he send invalid hex (%0J) what happen ?
do web server accept it? :eek:
Printable View
how a attacker abuse from abort_invalid_hex option in snort?
for example if he send invalid hex (%0J) what happen ?
do web server accept it? :eek:
Yes, some webservers do accept it. It could be abused to circumvent input filtering, thwart IDS, obfuscate urls etc.
http://www.securityfocus.com/bid/886/discussion/