![microsoft iis 5 microsoft iis 5](https://www.secure128.com/images/iis56pic11.png)
This vulnerability is caused by the tilde character (~) combined with the old DOS 8.3 short file name (SFN) convention in an HTTP request. It allows a remote attacker to disclose file and folder names (that are not supposed to be accessible) under the web root.

What can happen?

Exploiting this vulnerability may cause the leakage of files containing sensitive information such as credentials, configuration files, maintenance scripts and other data. Attackers could find important files that are normally not accessible from the outside and gain intelligence about the application’s infrastructure.

![microsoft iis 5 microsoft iis 5](https://www.softprime.net/uploads/posts/2017-08/1504191419_microsoft_iis_6.0_resource_kit_tools_scr1.jpg)

- A file named examples.txt will be named EXAMPLES.TXT
- A file whose name is longer than 8 characters will be named with the first 6 letters followed by a ~ and an incrementing number.
- exampletest.txt will be named EXAMPL~1.TXT
- Another file beginning with EXAMPL (for example examplefile.txt) will be named EXAMPL~2.TXT

An attacker can use HTTP GET requests to determine if a file is on a Microsoft IIS server. A Microsoft IIS server will respond with status code 400 if the file exists or 404 if the file does not exist on the server.

For a file named exampletest.txt, the attacker will send these requests to the server to know if the file is present or not on the server:

http://*~1*/.aspx

- Valid: One or more files with short names are found on the server
- Valid: One or more files beginning with “e” are present on the server
- Invalid: There is no file whose name starts with “eb” on the server
- Valid: There is a file whose name starts with “ex”.

And so on. An attacker will iterate these requests until all interesting files and subdirectories are found.

Remediation

Discard all web requests using the tilde character and add a registry key named NtfsDisable8dot3NameCreation to HKLM\SYSTEM\CurrentControlSet\Control\FileSystem.

InSpec profile to validate the secure configuration of Microsoft Internet Information Services (IIS) 8.5 Site, against DISA's Microsoft IIS 8.5 Site Security Technical Implementation Guide (STIG) Version 1, Release 5.
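
The remediation above discards requests that contain the tilde character, and the same pattern can be looked for in existing logs. The following Python is an added example, not part of the original page: it reads IIS W3C extended logs and reports clients that repeatedly request 8.3 short-name patterns. The sample log, the selected fields and the threshold of 3 requests are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample in IIS W3C extended format (documentation IP ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time c-ip cs-method cs-uri-stem
2024-01-10 09:00:01 198.51.100.7 GET /index.aspx
2024-01-10 09:00:02 203.0.113.9 GET /*~1*/.aspx
2024-01-10 09:00:02 203.0.113.9 GET /e*~1*/.aspx
2024-01-10 09:00:03 203.0.113.9 GET /eb*~1*/.aspx
2024-01-10 09:00:03 203.0.113.9 GET /ex*%7E1*/.aspx
2024-01-10 09:00:05 198.51.100.7 GET /~jsmith/home.html
"""

SHORT_NAME = re.compile(r"~\d")  # 8.3 suffix such as the ~1 in EXAMPL~1.TXT
MIN_HITS = 3                     # assumed threshold for an iterating client


def parse_w3c(text):
    """Yield one dict per request, taking column names from #Fields."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated rows
                yield dict(zip(fields, values))


def is_short_name_request(uri_stem):
    """True if the decoded path contains a tilde followed by a digit."""
    return bool(SHORT_NAME.search(unquote(uri_stem)))


def suspicious_clients(text, min_hits=MIN_HITS):
    """Map client IP -> number of short-name requests, at or above min_hits."""
    hits = Counter(
        row.get("c-ip", "-")
        for row in parse_w3c(text)
        if is_short_name_request(row.get("cs-uri-stem", ""))
    )
    return {ip: n for ip, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    for ip, n in suspicious_clients(SAMPLE_LOG).items():
        print(f"{ip}: {n} requests with 8.3 short-name patterns")
```

Paths such as /~jsmith/ are not flagged because the tilde is not followed by a digit; percent-encoded tildes (%7E) are decoded before matching.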