Microsoft IIS POC shortname scanner

  • Resource size: 26.06 kB
  • Upload time: 2021-06-30
  • Downloads: 0
  • Views: 0
  • Resource points: 1 point
  • Tags: Microsoft, scanner

Resource description

**This scanner has been moved to github for better support: https://github.com/irsdl/iis-shortname-scanner/**

NEWER VERSION IS AVAILABLE

Research file: http://soroush.secproject.com/downloadable/microsoftiistildecharactervulnerability_feature.pdf

It is possible to detect short names of files and directories which have an 8.3 equivalent in Windows by using some vectors in several versions of Microsoft IIS. For instance, it is possible to detect all short-names of “.aspx” files as they have 4 letters in their extensions. I have written a small scanner as a proof of concept.

It seems the latest versions of IIS and .Net version 4 have been secured against this attack. Moreover, some of the websites which use special URL-rewrite rules are also safe. Note that the Basic authentication and Windows authentication cannot stop this attack.

It is not easy to enumerate the short names manually as it will take a long time.

File list

scanner-compiled
run.bat
scanner$1.class
scanner$2.class
scanner$3.class
scanner$4.class
scanner$5.class
scanner$6.class
scanner$ThreadPool$PooledThread.class
scanner$ThreadPool.class
scanner.class
scanner.java