IIS Short File/Folder Name Disclosure(iis短文件或文件夹名
网络安全 2021-07-03 09:22www.168986.cn网络安全知识
I. 背景
---------------------
"IIS is a web server application and set of
feature extension modules created by Microsoft for use with Microsoft Windows.
IIS is the third most popular server in the world." (Wikipedia)
II. 概述
---------------------
Vulnerability Research Team discovered a vulnerability
in Microsoft IIS.
The vulnerability is caused by a tilde character "~" in a Get request, which could allow remote attackers
to diclose File and Folder names.
III. 影响产品
---------------------------
IIS 1.0, Windows NT 3.51
IIS 2.0, Windows NT 4.0
IIS 3.0, Windows NT 4.0 Service Pack 2
IIS 4.0, Windows NT 4.0 Option Pack
IIS 5.0, Windows 2000
IIS 5.1, Windows XP Professional and Windows XP Media Center Edition
IIS 6.0, Windows Server 2003 and Windows XP Professional x64 Edition
IIS 7.0, Windows Server 2008 and Windows Vista
IIS 7.5, Windows 7 (error remotely enabled or no web.config)
IIS 7.5, Windows 2008 (classic pipeline mode)
Note: Does not work when IIS uses .Net Framework 4.
IV. Binary Analysis & Exploits/PoCs
---------------------------------------
Tilde character "~" can be used to find short names of files and folders when the website is running on IIS.
The attacker can find important file and folders that they are not normaly visible.
In-depth technical analysis of the vulnerability and a functional exploit
are available through:
http://soroush.secproject./blog/2012/06/microsoft-iis-tilde-character-vulnerabilityfeature-short-filefolder-name-disclosure/
V. 解决方案
----------------
There are still workarounds through Vendor and security vendors.
Using a configured WAF may be usefull (discarding web requests including the tilde "~" character).
VII. 参考
----------------------
http://support.microsoft./kb/142982/en-us
http://soroush.secproject./blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/
---------------------
"IIS is a web server application and set of
feature extension modules created by Microsoft for use with Microsoft Windows.
IIS is the third most popular server in the world." (Wikipedia)
II. 概述
---------------------
Vulnerability Research Team discovered a vulnerability
in Microsoft IIS.
The vulnerability is caused by a tilde character "~" in a Get request, which could allow remote attackers
to diclose File and Folder names.
III. 影响产品
---------------------------
IIS 1.0, Windows NT 3.51
IIS 2.0, Windows NT 4.0
IIS 3.0, Windows NT 4.0 Service Pack 2
IIS 4.0, Windows NT 4.0 Option Pack
IIS 5.0, Windows 2000
IIS 5.1, Windows XP Professional and Windows XP Media Center Edition
IIS 6.0, Windows Server 2003 and Windows XP Professional x64 Edition
IIS 7.0, Windows Server 2008 and Windows Vista
IIS 7.5, Windows 7 (error remotely enabled or no web.config)
IIS 7.5, Windows 2008 (classic pipeline mode)
Note: Does not work when IIS uses .Net Framework 4.
IV. Binary Analysis & Exploits/PoCs
---------------------------------------
Tilde character "~" can be used to find short names of files and folders when the website is running on IIS.
The attacker can find important file and folders that they are not normaly visible.
In-depth technical analysis of the vulnerability and a functional exploit
are available through:
http://soroush.secproject./blog/2012/06/microsoft-iis-tilde-character-vulnerabilityfeature-short-filefolder-name-disclosure/
V. 解决方案
----------------
There are still workarounds through Vendor and security vendors.
Using a configured WAF may be usefull (discarding web requests including the tilde "~" character).
VII. 参考
----------------------
http://support.microsoft./kb/142982/en-us
http://soroush.secproject./blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/
网络安全培训
- 网络安全常见漏洞类型 网络安全常见漏洞类型包
- 绿色上网顺口溜七言 绿色上网的宣传标语
- 网络安全等级保护测评 网络安全等级保护条例
- 如何加强网络安全 网络安全隐患有哪些
- 网络安全防护措施有哪些 网络安全等级保护等级
- 如何保障网络安全 如何做好网络安全保障工作
- 维护网络安全的措施有哪些 维护网络安全的主要
- 网络安全工程师好学吗 2024年网络安全工程师好学
- 网络安全注意事项简短 网络安全注意事项100字
- 网络安全面临的挑战 当前网络安全面临的新问题
- 网络安全培训哪个靠谱 网络安全培训找哪个
- 普及网络安全知识内容 普及网络安全教育
- 网络安全防范知识宣传内容 网络安全防范知识宣
- 如何做好网络安全工作 如何做好网络安全工作
- 网络安全常识的丰富内容 网络安全的相关知识
- 青少年网络安全教育片 青少年网络安全知识讲座