RES: RES: IIS Vulnerability Content-Type overflow [DH-7XC4RA3]

Hum.

Anyway, I think that "something" could appear in the logs, but nothing gets logged.

Forgive me about my lack of programming skills (maybe the following question simply does not apply) but does this kind of behaviour can be used to hide a lagitimate request ? If so, someone could access HTTP content inside an IIS without anything making into the logs.

Romulo M. Cholewa
Home : http://www.rmc.eti.br
Forum: http://zeus.rmc.eti.br/forum
PGP Keys Available @ website.

    "If a technology does not seem like magic, that's because   
                     it's not good enough."                     
                                                                
                                                                

]-----Mensagem original-----
]De: Anthony LaMantia [mailto:contact@bia-security.com]
]Enviada em: sexta-feira, 6 de dezembro de 2002 03:58
]Para: dullien@gmx.de
]Cc: Romulo M. Cholewa; Dan Hanson; at4r; vuln-dev@securityfocus.com
]Assunto: Re: RES: IIS Vulnerability Content-Type overflow [DH-7XC4RA3]
]
]
]well i think that you should look at the headers of that "security
]alert"... then maybe you will get a clue that this is a joke
]
]the senders e-mail is:
]
]at4r@hotmail.com
]
]and the reply to addr is
]at4r@3wdesign.es
]
]
]-Anthony LaMantia
]http://www.bia-security.com
]
]
]dullien@gmx.de wrote:
]
]> Hey all,
Received on Fri Dec 6 14:54:18 2002