Microsoft IIS tilde character “~” Vulnerability/Feature – Short File/Folder Name Disclosure

Click here to download the paper.

Two security issues have been reported via this security research:

1- IIS Short File/Folder Name Disclosure by using tilde “~” character:

        Click here for the advisory

2- .Net Framework Tilde Character DoS:

        Click here for the advisory

Workaround and Prevention:

We are working with security vendors to come up with a solution to mitigate the risk of these vulnerabilities. The paper PDF file will be updated accordingly.

IIS Shortname Scanner PoC – Source Code: http://code.google.com/p/iis-shortname-scanner-poc/

Download Link: http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf

About Soroush Dalili
Web application security pentester.

11 Responses to Microsoft IIS tilde character “~” Vulnerability/Feature – Short File/Folder Name Disclosure

  1. AbiusX says:

    This is because of the underlying Windows APIs called for retrieving the filename.
    Same issues are available in PHP on a Windows server and have already been reported.

  2. wang says:

    awesome discovery

  3. Pingback: IIS Short File and Folder Disclosure Vulnerability | we8i

  4. nikhil says:

    hey,

    I just found it also perfectly working on .net 4.0 as well.

    • volodymyr says:

      Interesting…
      Is it enough to install .NET 4 on the web server, or must the website be running under .NET 4 as well?

  5. Pingback: Attack@Dis9Team » IIS Short File and Folder Disclosure Vulnerability

  6. Yang says:

    Can this method find folders?

    I think that this method can only find files.

  7. Willa says:

    Cheers for useful content in your blog post Microsoft IIS tilde character “~” Vulnerability/Feature – Short File/Folder Name Disclosure.

    ..
    Best regards.

  8. Kev says:

    Any patch yet? Can’t find information about it..

    Thanks