IIS Vulnerabilities - Shortname Scanner Proof of Concept

In several versions of Microsoft IIS, certain request vectors make it possible to detect the short names of files and directories that have an 8.3 file naming scheme equivalent in Windows. For instance, the short names of all “.aspx” files can be detected, because their extensions have 4 letters.
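To see which files in a web root carry an 8.3 alias, and how much of the real name that alias exposes, the following added example (not the PoC scanner and not code from the original page) predicts the alias for each long name. The function names and the sample listing are assumptions made for illustration, and the model is simplified as described in the docstring.

```python
# Added example: predicts the 8.3 alias Windows would create for a long name.
ILLEGAL = set("+,;=[]")  # replaced with "_" when the short name is generated

def fits_8dot3(name):
    """True when the name already fits 8.3, so no separate ~N alias is created."""
    if " " in name or name.count(".") > 1 or any(c in ILLEGAL for c in name):
        return False
    base, _, ext = name.partition(".")
    return 1 <= len(base) <= 8 and len(ext) <= 3

def _clean(part):
    """Drop spaces and dots, replace illegal characters, and uppercase."""
    return "".join("_" if c in ILLEGAL else c
                   for c in part if c not in " .").upper()

def predict_short_names(names):
    """Return {long name: predicted alias} for names that get a ~N alias.

    Simplified model: only ~1..~4 numbering, assigned in list order (real
    numbering follows creation order). Cases this sketch does not model map
    to None: a cleaned base under 3 characters, and the fifth or later
    collision, where Windows switches to a hash-based form.
    """
    seen, result = {}, {}
    for name in names:
        if fits_8dot3(name):
            continue
        stem, dot, ext = name.rpartition(".")
        if not dot or not stem:  # no extension, or the name starts with "."
            stem, ext = name, ""
        base, ext3 = _clean(stem)[:6], _clean(ext)[:3]
        n = seen[(base, ext3)] = seen.get((base, ext3), 0) + 1
        if len(_clean(stem)) < 3 or n > 4:
            result[name] = None
            continue
        result[name] = f"{base}~{n}" + (f".{ext3}" if ext3 else "")
    return result

# Constructed sample listing of a web root (not taken from the page).
SAMPLE = ["default.aspx", "default.asp", "web.config",
          "login-admin.aspx", "login-admin-old.aspx", "backup 2012.zip"]

if __name__ == "__main__":
    for long_name, alias in predict_short_names(SAMPLE).items():
        print(f"{long_name:24} -> {alias}")
```

Names that already fit 8.3, such as `default.asp`, are absent from the result because they have no separate alias; every other entry shows up to six characters of the base name and three of the extension.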

Soroush Dalili and Ali Abbasnejad have written a small scanner as a proof of concept. It seems the latest versions of IIS and .NET version 4 have been secured against this attack. Moreover, some websites that use special URL-rewrite rules are also safe. Note that Basic authentication and Windows authentication cannot stop this attack.



Please visit SecProject.com to read the details and find the PoC code:
http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf
