URLScan Confusion

From: Stephajn Craig (s.craig_at_NOSPAMfunsunvacations.com)
Date: 06/13/03

Next message: DHT: "Re: IIS5.0 https:// Not working"

Previous message: Alessandro Perilli: "Re: Wich one is more secure WebDAV/SSL or FTP"
Next in thread: Jeff Cochran: "Re: URLScan Confusion"
Reply: Jeff Cochran: "Re: URLScan Confusion"
Reply: Thomas E Scoggins: "URLScan Confusion"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 13 Jun 2003 10:30:47 -0600

I'm trying to use the URLScan.INI file to prevent a user from typing a
<script> tag on the URL. (To prevent Cross Site Scripting). So, in the
DenyUrlSequences section of the URLScan.ini file I have this line:

So, when I go to type in the word <script> in the URL, URLScan doesn't seem
to be kicking in and denying me access. Instead, I get an HTTP 404 error.

Is this what is supposed to happen?

--
Stephajn Craig

Next message: DHT: "Re: IIS5.0 https:// Not working"

Previous message: Alessandro Perilli: "Re: Wich one is more secure WebDAV/SSL or FTP"
Next in thread: Jeff Cochran: "Re: URLScan Confusion"
Reply: Jeff Cochran: "Re: URLScan Confusion"
Reply: Thomas E Scoggins: "URLScan Confusion"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[InterN0T] Webmedia Explorer - XSS Vulnerability
... Webmedia Explorer - Cross Site Scripting Vulnerability ... Webmedia Explorer is the alternative CMS engine that reads the hard disc and generates a website realtime taking advantage of a very powerful rendering and data fetching caching system. ... -- Will be executed when a user moves his mouse over a tag. ...
(Bugtraq)
Re: URLScan Confusion
... Stephajn Craig ... "Jeff Cochran" wrote in message ... Don't allow Cross Site Scripting ... URLScan doesn't deny anything. ...
(microsoft.public.inetserver.iis.security)