客服电话
APP下载
迪恩网络APP
随时随地掌握行业动态
官方微信
扫描二维码
关注迪恩网络微信公众号
|
I. 背景 --------------------- "IIS is a web server application and set of feature extension modules created by Microsoft for use with Microsoft Windows. IIS is the third most popular server in the world." (Wikipedia) II. 概述 --------------------- Vulnerability Research Team discovered a vulnerability in Microsoft IIS. The vulnerability is caused by a tilde character "~" in a Get request, which could allow remote attackers to diclose File and Folder names. III. 影响产品 --------------------------- IIS 1.0, Windows NT 3.51 IIS 2.0, Windows NT 4.0 IIS 3.0, Windows NT 4.0 Service Pack 2 IIS 4.0, Windows NT 4.0 Option Pack IIS 5.0, Windows 2000 IIS 5.1, Windows XP Professional and Windows XP Media Center Edition IIS 6.0, Windows Server 2003 and Windows XP Professional x64 Edition IIS 7.0, Windows Server 2008 and Windows Vista IIS 7.5, Windows 7 (error remotely enabled or no web.config) IIS 7.5, Windows 2008 (classic pipeline mode) Note: Does not work when IIS uses .Net Framework 4. IV. Binary Analysis & Exploits/PoCs --------------------------------------- Tilde character "~" can be used to find short names of files and folders when the website is running on IIS. The attacker can find important file and folders that they are not normaly visible. In-depth technical analysis of the vulnerability and a functional exploit are available through: http://soroush.secproject.com/blog/2012/06/microsoft-iis-tilde-character-vulnerabilityfeature-short-filefolder-name-disclosure/ V. 解决方案 ---------------- There are still workarounds through Vendor and security vendors. Using a configured WAF may be usefull (discarding web requests including the tilde "~" character). VII. 参考 ---------------------- http://support.microsoft.com/kb/142982/en-us http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/ |
2022-08-15
2022-08-17
2022-09-23
2023-10-27
2022-08-18
六六分期app的软件客服如何联系?不知道吗?加qq群【895510560】即可!标题:六六分期
今天小编告诉大家如何处理win10系统火狐flash插件总是崩溃的问题,可能很多用户都不知
今天小编告诉大家如何对win10系统删除桌面回收站图标进行设置,可能很多用户都不知道
今天小编告诉大家如何对win10系统电脑设置节能降温的设置方法,想必大家都遇到过需要
我们在使用xp系统的过程中,经常需要对xp系统无线网络安装向导设置进行设置,可能很多
今天小编告诉大家如何处理win7系统玩cf老是与主机连接不稳定的问题,可能很多用户都不
电脑对日常生活的重要性小编就不多说了,可是一旦碰到win7系统设置cf烟雾头的问题,很
我们在日常使用电脑的时候,有的小伙伴们可能在打开应用的时候会遇见提示应用程序无法
今天小编告诉大家如何对win7系统打开vcf文件进行设置,可能很多用户都不知道怎么对win
今天小编告诉大家如何对win10系统s4开启USB调试模式进行设置,可能很多用户都不知道怎
请发表评论