您现在的位置是:网站首页> 编程资料编程资料
IIS Short File/Folder Name Disclosure(iis短文件或文件夹名泄露)_安全设置_网络安全_
2023-05-24
320人已围观
简介 IIS Short File/Folder Name Disclosure(iis短文件或文件夹名泄露)_安全设置_网络安全_
I. 背景
---------------------
"IIS is a web server application and set of
feature extension modules created by Microsoft for use with Microsoft Windows.
IIS is the third most popular server in the world." (Wikipedia)
II. 概述
---------------------
Vulnerability Research Team discovered a vulnerability
in Microsoft IIS.
The vulnerability is caused by a tilde character "~" in a Get request, which could allow remote attackers
to diclose File and Folder names.
III. 影响产品
---------------------------
IIS 1.0, Windows NT 3.51
IIS 2.0, Windows NT 4.0
IIS 3.0, Windows NT 4.0 Service Pack 2
IIS 4.0, Windows NT 4.0 Option Pack
IIS 5.0, Windows 2000
IIS 5.1, Windows XP Professional and Windows XP Media Center Edition
IIS 6.0, Windows Server 2003 and Windows XP Professional x64 Edition
IIS 7.0, Windows Server 2008 and Windows Vista
IIS 7.5, Windows 7 (error remotely enabled or no web.config)
IIS 7.5, Windows 2008 (classic pipeline mode)
Note: Does not work when IIS uses .Net Framework 4.
IV. Binary Analysis & Exploits/PoCs
---------------------------------------
Tilde character "~" can be used to find short names of files and folders when the website is running on IIS.
The attacker can find important file and folders that they are not normaly visible.
In-depth technical analysis of the vulnerability and a functional exploit
are available through:
http://soroush.secproject.com/blog/2012/06/microsoft-iis-tilde-character-vulnerabilityfeature-short-filefolder-name-disclosure/
V. 解决方案
----------------
There are still workarounds through Vendor and security vendors.
Using a configured WAF may be usefull (discarding web requests including the tilde "~" character).
VII. 参考
----------------------
http://support.microsoft.com/kb/142982/en-us
http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/
---------------------
"IIS is a web server application and set of
feature extension modules created by Microsoft for use with Microsoft Windows.
IIS is the third most popular server in the world." (Wikipedia)
II. 概述
---------------------
Vulnerability Research Team discovered a vulnerability
in Microsoft IIS.
The vulnerability is caused by a tilde character "~" in a Get request, which could allow remote attackers
to diclose File and Folder names.
III. 影响产品
---------------------------
IIS 1.0, Windows NT 3.51
IIS 2.0, Windows NT 4.0
IIS 3.0, Windows NT 4.0 Service Pack 2
IIS 4.0, Windows NT 4.0 Option Pack
IIS 5.0, Windows 2000
IIS 5.1, Windows XP Professional and Windows XP Media Center Edition
IIS 6.0, Windows Server 2003 and Windows XP Professional x64 Edition
IIS 7.0, Windows Server 2008 and Windows Vista
IIS 7.5, Windows 7 (error remotely enabled or no web.config)
IIS 7.5, Windows 2008 (classic pipeline mode)
Note: Does not work when IIS uses .Net Framework 4.
IV. Binary Analysis & Exploits/PoCs
---------------------------------------
Tilde character "~" can be used to find short names of files and folders when the website is running on IIS.
The attacker can find important file and folders that they are not normaly visible.
In-depth technical analysis of the vulnerability and a functional exploit
are available through:
http://soroush.secproject.com/blog/2012/06/microsoft-iis-tilde-character-vulnerabilityfeature-short-filefolder-name-disclosure/
V. 解决方案
----------------
There are still workarounds through Vendor and security vendors.
Using a configured WAF may be usefull (discarding web requests including the tilde "~" character).
VII. 参考
----------------------
http://support.microsoft.com/kb/142982/en-us
http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/
相关内容
- 禁止sethc.exe运行 防止3389的sethc后门_安全设置_网络安全_
- 防止E-mail邮箱被攻击 教你如何远离垃圾邮件_安全设置_网络安全_
- 局域网共享安全方式之用局域网文件共享系统实现共享文件夹安全设置_安全设置_网络安全_
- 路由器设置实现DDoS防御详解_安全设置_网络安全_
- IIS 短文件/文件夹漏洞修复方法_安全设置_网络安全_
- 新勒索病毒Petya来袭怎么办?Petya勒索病毒解决图文方法+补丁下载_安全教程_网络安全_
- 百度Hi Csrf蠕虫攻击 _安全教程_网络安全_
- Tomcat后台拿shell _安全教程_网络安全_
- 教你phpMyAdmin 后台拿webshell _安全教程_网络安全_
- 最受黑客喜欢的五种网络口令 _安全教程_网络安全_
