8,329
社区成员
发帖
与我相关
我的任务
分享【IIS】Microsoft IIS Tilde directory enumaration problems问题解决??
扫描工具显示Microsoft IIS的漏洞:
Microsoft IIS tilde directory enumeration Alert group
Description:It is possible to detect short names of files and directories which have an 8.3 file naming scheme
equivalent in Windows by using some vectors in several versions of Microsoft IIS. For instance, it is
possible to detect all short-names of ".aspx" files as they have 4 letters in their extensions. This
can be a major issue especially for the .Net websites which are vulnerable to direct URL access as
an attacker can find important files and folders that they are not normally visible.
Recommendations: Consult the "Prevention Technique(s)" section from Soroush Dalili's paper on this subject. A link to
this paper is listed in the Web references section bellow.
哪位大侠遇到过类似问题,帮忙回复下,多谢
Microsoft IIS tilde directory enumeration Alert group
Description:It is possible to detect short names of files and directories which have an 8.3 file naming scheme
equivalent in Windows by using some vectors in several versions of Microsoft IIS. For instance, it is
possible to detect all short-names of ".aspx" files as they have 4 letters in their extensions. This
can be a major issue especially for the .Net websites which are vulnerable to direct URL access as
an attacker can find important files and folders that they are not normally visible.
Recommendations: Consult the "Prevention Technique(s)" section from Soroush Dalili's paper on this subject. A link to
this paper is listed in the Web references section bellow.
哪位大侠遇到过类似问题,帮忙回复下,多谢
...全文
请发表友善的回复…
发表回复
