IIS Short File/Folder Name Disclosure(iis短文件或文件夹名泄露)_安全设置教程-查字典教程网
IIS Short File/Folder Name Disclosure(iis短文件或文件夹名泄露)
IIS Short File/Folder Name Disclosure(iis短文件或文件夹名泄露)
发布时间:2016-12-21 来源:查字典编辑
摘要:I.背景---------------------"IISisawebserverapplicationandsetoffeatureext...

I. 背景

---------------------

"IIS is a web server application and set of

feature extension modules created by Microsoft for use with Microsoft Windows.

IIS is the third most popular server in the world." (Wikipedia)

II. 概述

---------------------

Vulnerability Research Team discovered a vulnerability

in Microsoft IIS.

The vulnerability is caused by a tilde character "~" in a Get request, which could allow remote attackers

to diclose File and Folder names.

III. 影响产品

---------------------------

IIS 1.0, Windows NT 3.51

IIS 2.0, Windows NT 4.0

IIS 3.0, Windows NT 4.0 Service Pack 2

IIS 4.0, Windows NT 4.0 Option Pack

IIS 5.0, Windows 2000

IIS 5.1, Windows XP Professional and Windows XP Media Center Edition

IIS 6.0, Windows Server 2003 and Windows XP Professional x64 Edition

IIS 7.0, Windows Server 2008 and Windows Vista

IIS 7.5, Windows 7 (error remotely enabled or no web.config)

IIS 7.5, Windows 2008 (classic pipeline mode)

Note: Does not work when IIS uses .Net Framework 4.

IV. Binary Analysis & Exploits/PoCs

---------------------------------------

Tilde character "~" can be used to find short names of files and folders when the website is running on IIS.

The attacker can find important file and folders that they are not normaly visible.

In-depth technical analysis of the vulnerability and a functional exploit

are available through:

http://soroush.secproject.com/blog/2012/06/microsoft-iis-tilde-character-vulnerabilityfeature-short-filefolder-name-disclosure/

V. 解决方案

----------------

There are still workarounds through Vendor and security vendors.

Using a configured WAF may be usefull (discarding web requests including the tilde "~" character).

VII. 参考

----------------------

http://support.microsoft.com/kb/142982/en-us

http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/

相关阅读
推荐文章
猜你喜欢
附近的人在看
推荐阅读
拓展阅读
  • 大家都在看
  • 小编推荐
  • 猜你喜欢
  • 最新安全设置学习
    热门安全设置学习
    网络安全子分类