IIS Short File/Folder Name Disclosure
2023-05-24
I. Background
---------------------
"IIS is a web server application and set of
feature extension modules created by Microsoft for use with Microsoft Windows.
IIS is the third most popular server in the world." (Wikipedia)
II. Overview
---------------------
Vulnerability Research Team discovered a vulnerability
in Microsoft IIS.
The vulnerability is caused by a tilde character "~" in a GET request, which could allow remote attackers
to disclose file and folder names.
III. Affected Products
---------------------------
IIS 1.0, Windows NT 3.51
IIS 2.0, Windows NT 4.0
IIS 3.0, Windows NT 4.0 Service Pack 2
IIS 4.0, Windows NT 4.0 Option Pack
IIS 5.0, Windows 2000
IIS 5.1, Windows XP Professional and Windows XP Media Center Edition
IIS 6.0, Windows Server 2003 and Windows XP Professional x64 Edition
IIS 7.0, Windows Server 2008 and Windows Vista
IIS 7.5, Windows 7 (error remotely enabled or no web.config)
IIS 7.5, Windows 2008 (classic pipeline mode)
Note: Does not work when IIS uses .NET Framework 4.
IV. Binary Analysis & Exploits/PoCs
---------------------------------------
The tilde character "~" can be used to find the short names of files and folders when the website is running on IIS.
An attacker can find important files and folders that are not normally visible.
In-depth technical analysis of the vulnerability and a functional exploit
are available through:
http://soroush.secproject.com/blog/2012/06/microsoft-iis-tilde-character-vulnerabilityfeature-short-filefolder-name-disclosure/
V. Solution
----------------
Workarounds are still available from the vendor and from security vendors.
A properly configured WAF may be useful (discarding web requests that include the tilde "~" character).
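The same tilde rule can be applied to existing IIS logs to see which clients have already sent such requests. The following Python script is an added example, not part of the original advisory; the log lines are constructed, and the assumption is that the site logs in W3C extended format with a `#Fields:` header.

```python
from collections import Counter
from urllib.parse import unquote

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2023-05-24 10:00:01 GET /index.aspx - 198.51.100.7 200
2023-05-24 10:00:02 GET /backup~1/ - 203.0.113.9 404
2023-05-24 10:00:02 GET /%7Etmp/x.aspx - 203.0.113.9 404
2023-05-24 10:00:03 GET /docs/%257Eold/ - 203.0.113.9 404
2023-05-24 10:00:04 POST /login.aspx - 198.51.100.7 302
2023-05-24 10:00:05 GET /search.aspx q=a~b 198.51.100.8 200
"""

def contains_tilde(value, max_rounds=3):
    """True if value holds '~' literally or under repeated percent-encoding."""
    for _ in range(max_rounds):
        if "~" in value:
            return True
        decoded = unquote(value)
        if decoded == value:      # nothing left to decode
            return False
        value = decoded
    return "~" in value

def tilde_requests(log_text):
    """Yield (client_ip, method, uri_stem, status) for requests carrying a tilde."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order is declared by the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        target = row.get("cs-uri-stem", "") + "?" + row.get("cs-uri-query", "")
        if contains_tilde(target):
            yield (row.get("c-ip"), row.get("cs-method"),
                   row.get("cs-uri-stem"), row.get("sc-status"))

def summarize(log_text):
    """Count tilde-bearing requests per client IP."""
    return Counter(ip for ip, *_ in tilde_requests(log_text))

if __name__ == "__main__":
    for ip, count in summarize(SAMPLE_LOG).most_common():
        print(f"{ip}\t{count} request(s) containing '~'")
```

Some legitimate URLs contain a tilde, so review the hits before turning the rule into a blocking WAF policy.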
VII. References
----------------------
http://support.microsoft.com/kb/142982/en-us
http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/