首页| JavaScript| HTML/CSS| Matlab| PHP| Python| Java| C/C++/VC++| C#| ASP| 其他|
购买积分 购买会员 激活码充值

您现在的位置是:虫虫源码 > ASP > 微软IIS POC shortname扫描仪

微软IIS POC shortname扫描仪

  • 资源大小:26.06 kB
  • 上传时间:2021-06-30
  • 下载次数:0次
  • 浏览次数:1次
  • 资源积分:1积分
  • 标      签: 微软 扫描仪

资 源 简 介

**This scanner has been moved to github for better support: https://github.com/irsdl/iis-shortname-scanner/** NEWER VERSION IS AVAILABLE Research file: http://soroush.secproject.com/downloadable/microsoftiistildecharactervulnerability_feature.pdf It is possible to detect short names of files and directories which have an 8.3 equivalent in Windows by using some vectors in several versions of Microsoft IIS. For instance, it is possible to detect all short-names of “.aspx” files as they have 4 letters in their extensions. I have written a small scanner as a proof of concept. It seems the latest versions of IIS and .Net version 4 have been secured against this attack. Moreover, some of the websites which use special URL-rewrite rules are also safe. Note that the Basic authentication and Windows authentication cannot stop this attack. It is not easy to enumerate the short names manually as it will take a long time.

文 件 列 表

scanner-compiled
run.bat
scanner$1.class
scanner$2.class
scanner$3.class
scanner$4.class
scanner$5.class
scanner$6.class
scanner$ThreadPool$PooledThread.class
scanner$ThreadPool.class
scanner.class
scanner.java

相 关 资 源

您 可 能 感 兴 趣 的

同 类 别 推 荐

VIP VIP