I. 背景
---------------------
"IIS is a web server application and set of
feature extension modules created by Microsoft for use with Microsoft Windows.
IIS is the third most popular server in the world." (Wikipedia)
II. 概述
---------------------
Vulnerability Research Team discovered a vulnerability
in Microsoft IIS.
The vulnerability is caused by a tilde character "~" in a Get request, which could allow remote attackers
to diclose File and Folder names.
III. 影响产品
---------------------------
IIS 1.0, Windows NT 3.51
IIS 2.0, Windows NT 4.0
IIS 3.0, Windows NT 4.0 Service Pack 2
IIS 4.0, Windows NT 4.0 Option Pack
IIS 5.0, Windows 2000
IIS 5.1, Windows XP Professional and Windows XP Media Center Edition
IIS 6.0, Windows Server 2003 and Windows XP Professional x64 Edition
IIS 7.0, Windows Server 2008 and Windows Vista
IIS 7.5, Windows 7 (error remotely enabled or no web.config)
IIS 7.5, Windows 2008 (classic pipeline mode)
Note: Does not work when IIS uses .Net Framework 4.
IV. Binary Analysis & Exploits/PoCs
---------------------------------------
Tilde character "~" can be used to find short names of files and folders when the website is running on IIS.
The attacker can find important file and folders that they are not normaly visible.
In-depth technical *** ysis of the vulnerability and a functional exploit
are available through:
http://soroush.secproject.com/blog/2012/06/microsoft-iis-tilde-character-vulnerabilityfeature-short-filefolder-name-disclosure/
V. 解决方案
----------------
There are still workarounds through Vendor and security vendors.
Using a configured WAF may be usefull (discarding web requests including the tilde "~" character).
苏州市什么区(苏州市所辖县区经济发展排名、总面积、人口数量等数据信息)苏州市,通称“苏”,旧称姑苏、平江县,苏州市具备悠久的历史文化艺术,是第一批中国历史文化文化之乡之一。外省和浙江、上海交界处,...
王者荣耀手游s20赛季已经到来,大家对s20赛季的新内容十分感兴趣,最近,王者荣耀s20赛季战令奖励曝光了一个海报,从海报中,我们可以分析出一些新内容,海报中明显揭示了战令1级皮肤,小伙伴不知道1级皮...
三皈依从本质上讲是皈依觉、正、净自性三宝,即觉而不迷、正而不邪、净而不染;皈依从佛教形式上讲指的是皈依佛、法、僧三宝。 “皈”是回归、回头,“依”是依靠。皈依就是求做释迦牟尼佛的学生,遵从释迦牟...
列位的Google还好吗?据说是正在维护海底光纤, 照样由于8*8纪念日,全面禁止外国的搜索。 不管是什么原因,横竖谷歌是不能登录了, 经常搜索外国资料的朋友们不方便了吧, 提供两个地址,轻松...
本文导读目录: 1、黑客道德、精神、信仰是什么? 2、黑客是怎么练成的? 3、黑客有分哪两种? 4、关于黑客知识 5、黑客的等级是如何划分的? 6、黑客分为几种 ?哪几种?都什么特...
新华社北京1月30日电(记者张辛欣、陈聪)记者30日从国家卫健委获悉,1月29日0-24时,31个省(自治区、直辖市)和新疆生产建设兵团报告新增确诊病例1737例(西藏首例确诊病例),新增重症病例13...