anyone heard of /escape vulnerability ?

Discussion in 'Computer Security' started by .Saphyr, Aug 13, 2003.

  1. .Saphyr

    .Saphyr Guest

    Hi !

    We recently had a network audit conducted on our network and I could
    access the oral report. Unfortunately, the contact dit not seem to know
    much about what was being told so...

    As the subject says, what is a "slash escape" vulnerabiltiy ? The audit
    was made on a IIS server. Googel searches are quite complex with such
    term as I have to find a "/escape" pattern... = (

    ..antoine
     
    .Saphyr, Aug 13, 2003
    #1
    1. Advertising

  2. .Saphyr

    Lord Shaolin Guest

    ..Saphyr <> randomly produced:

    :: Hi !
    ::
    :: We recently had a network audit conducted on our network and I could
    :: access the oral report. Unfortunately, the contact dit not seem to
    :: know much about what was being told so...
    ::
    :: As the subject says, what is a "slash escape" vulnerabiltiy ? The
    :: audit was made on a IIS server. Googel searches are quite complex
    :: with such term as I have to find a "/escape" pattern... = (
    ::
    :: .antoine

    I think you are possibly talking about breaking out of the root directory?

    This is how most of the old web based exploits worked

    e.g. on a Linux machine:

    www.yourdomain.com/../../etc/passwd

    or on Windows:

    www.yourdomain.com/../../../WINNT/repair/sam

    etc

    Google a little on such things (Unicode exploits also work in a similar
    fashion).

    ST

    --


    ..: http://www.security-forums.com :.

    Share your knowledge
    It's a way to achieve
    Immortality.
     
    Lord Shaolin, Aug 13, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. RC
    Replies:
    3
    Views:
    1,160
  2. =?Utf-8?B?R2VvcmdlIC1NQ1NF?=

    Has AnyOne Heard of TESTOUT

    =?Utf-8?B?R2VvcmdlIC1NQ1NF?=, Apr 5, 2006, in forum: MCSE
    Replies:
    12
    Views:
    3,249
    Kline Sphere
    Apr 7, 2006
  3. Frédéric
    Replies:
    0
    Views:
    558
    Frédéric
    Jul 13, 2003
  4. voodoo

    Anyone heard of a new virus going around?

    voodoo, Sep 20, 2003, in forum: Computer Support
    Replies:
    1
    Views:
    425
    Vivian from Pentecost Lane
    Sep 20, 2003
  5. Bruce Meyer

    Has anyone heard of this MS Word vulnerability

    Bruce Meyer, Jun 3, 2008, in forum: Computer Security
    Replies:
    4
    Views:
    455
    Klunk
    Jun 5, 2008
Loading...

Share This Page