冉冉升起的如银的炊烟,那更古沉默永不停息的小溪,那驮着夕阳缓缓独行的老牛,一方方秧田像棋盘格子,绿绒绒的秧苗,织成一幅幅地毯,远远地伸向天际;丛丛绿树掩映着青砖红瓦的房屋。春天,故乡的松树林依然郁郁苍苍,映山红却已开遍山丘。
I. 背景---------------------
"IIS is a web server application and set of
feature extension modules created by Microsoft for use with Microsoft Windows.
IIS is the third most popular server in the world." (Wikipedia)
II. 概述
---------------------
Vulnerability Research Team discovered a vulnerability
in Microsoft IIS.
The vulnerability is caused by a tilde character "~" in a Get request, which could allow remote attackers
to diclose File and Folder names.
III. 影响产品
---------------------------
IIS 1.0, Windows NT 3.51
IIS 2.0, Windows NT 4.0
IIS 3.0, Windows NT 4.0 Service Pack 2
IIS 4.0, Windows NT 4.0 Option Pack
IIS 5.0, Windows 2000
IIS 5.1, Windows XP Professional and Windows XP Media Center Edition
IIS 6.0, Windows Server 2003 and Windows XP Professional x64 Edition
IIS 7.0, Windows Server 2008 and Windows Vista
IIS 7.5, Windows 7 (error remotely enabled or no web.config)
IIS 7.5, Windows 2008 (classic pipeline mode)
Note: Does not work when IIS uses .Net Framework 4.
IV. Binary Analysis & Exploits/PoCs
---------------------------------------
Tilde character "~" can be used to find short names of files and folders when the website is running on IIS.
The attacker can find important file and folders that they are not normaly visible.
In-depth technical analysis of the vulnerability and a functional exploit
are available through:
http://soroush.secproject.com/blog/2012/06/microsoft-iis-tilde-character-vulnerabilityfeature-short-filefolder-name-disclosure/
V. 解决方案
----------------
There are still workarounds through Vendor and security vendors.
Using a configured WAF may be usefull (discarding web requests including the tilde "~" character).
VII. 参考
----------------------
http://support.microsoft.com/kb/142982/en-us
http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/
以上就是IIS Short File/Folder Name Disclosure(iis短文件或文件夹名泄露)。说话不要有攻击性,不要有杀伤力,不夸已能,不扬人恶,自然能化敌为友。更多关于IIS Short File/Folder Name Disclosure(iis短文件或文件夹名泄露)请关注haodaima.com其它相关文章!
