Monthly Archives: June 2012

Microsoft IIS tilde character “~” Vulnerability/Feature – Short File/Folder Name Disclosure

Click here to download the paper.

Two security issues have been reported via this security research:

1- IIS Short File/Folder Name Disclosure by using the tilde “~” character:

        Click here for the advisory

2- .NET Framework Tilde Character DoS:

        Click here for the advisory

Workaround and Prevention:

We are working with security vendors to come up with a solution to mitigate the risk of these vulnerabilities. The paper PDF file will be updated accordingly.

IIS Shortname Scanner PoC – Source Code: http://code.google.com/p/iis-shortname-scanner-poc/

Download Link:

http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf