Please visit SecProject.com to read the details and find the PoC code:
Microsoft IIS tilde character “~” Vulnerability/Feature – PoC:
——————————————————————————————
Microsoft IIS tilde character “~” Vulnerability/Feature — Short File/Folder Name Disclosure, Recoverable DoS
Target:
Server: Microsoft-IIS/7.0
.Net Framework: Version 2
Example: java scanner 2 20
— 20 = number of threads, 2= it shows the live scan result on the screen
#Title: [Microsoft IIS tilde character “~” Vulnerability/Feature — Short File/Folder Name Disclosure, Recoverable DoS]
#Date: [
– Vendor Awareness: 3 August 2010
– Vendor Response: 4 Jan 2011 Recoverable DoS issues will be addressed in a Service Pack or next version fix
– Last Vendor Response Result for Tilde “~” Vulnerability: As it has already been rectified in latest versions of .Net & IIS which follow best practices, Microsoft does not have any plan to change the other versions.
– Published: 29 June 2012
]
#Application Name: [Microsoft IIS, .Net Framework]
#Version: [All versions of IIS except IIS 7.5 and on .Net Framework 4]
#Impact: [Unknown]
#Reference(s): [
–
]
#Credit: [
– Soroush Dalili (@irsdl)
– Ali Abbasnejad
]
Tag: microsoft iis tilde directory enumeration, IIS tilde vulnerability, IIS short name scanner, IIS tilde feature, IIS ~
Xem thêm: https://blogmáytính.vn/category/internet
Nguồn: https://blogmáytính.vn
