[Full-Disclosure] re: Microsoft Outlook Web Access URL Injection

looks like MS is NOT publicly releasing a fix for this, while they have the means and solution at hand. ( at least under IE ) a kind reader sent this little snippet... ... was able to get Microsoft to provide us with a DLL to drop under IIS 6 to compare URL variable against the Host: header

Re: [Full-Disclosure] re: Microsoft Outlook Web Access URL Injection

On Mon, 07 Feb 2005 09:27:25 PST, morning_wood said: looks like MS is NOT publicly releasing a fix for this, while they have the means and solution at hand. ( at least under IE ) a kind reader sent this little snippet... ... was able to get Microsoft to provide us with a DLL to drop under