[prev in list] [next in list] [prev in thread] [next in thread] 

List:       focus-ids
Subject:    UTF-16 and premature request ending evasion
From:       "Cox, Michael" <mscox () ti ! com>
Date:       2003-01-28 15:25:23
[Download RAW message or body]

Can anyone give me an example of a webserver that will respond to UTF-16
(%HH%HH) encoding or the "Premature request ending" tactic outlined in RFP's
paper (respond with something other than an error, I mean, for all you wise
guys out there :-)? How prevalent is susceptibility to these two techniques
in particular (in terms of the web server not the IDS)?

Thanks!
Michael
[prev in list] [next in list] [prev in thread] [next in thread]