Bypass surfControl URL Blocking
Reported Feburary 4, 2000 by
Mike C
VERSIONS AFFECTED
  • surfControl Scout 2.6.1.6

DESCRIPTION

surfControl Scout is a package designed to block access to specified URLs. However, by appending a period to the end of a URL a blocked URL may still be accessed, thereby bypassing the rules defined in the surfScout application.

 DEMONSTRATION

If the URL http://www.some-blocked-site.com were blocked by surfScout rules then the site could be accessed be entering http://www.some-blocked-site.com. --- notice the period on the end of the URL. <font face="Verdana" size="2" color="#b50016"><strong>VENDOR RESPONSE</strong></font>

The vendor has released a patch that upgrades 2.1.6.x versions to 2.6.1.7, as well as a complete version 2.6.1.7 package for download.

CREDITS
Discovered by Mike C