Message sent! Check your Phone

dos

dos

IIS Shortname Scanner PoC

2y ago
SOURCE  

Description

Please visit SecProject.com to read the details and find the PoC code: http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf Microsoft IIS tilde character "~" Vulnerability/Feature - PoC: ------------------------------------------------------------------------------------------ Microsoft IIS tilde character "~" Vulnerability/Feature -- Short File/Folder Name Disclosure, Recoverable DoS Target: http://www.sdl.me/ Server: Microsoft-IIS/7.0 .Net Framework: Version 2 Example: java scanner 2 20 http://www.sdl.me/ -- 20 = number of threads, 2= it shows the live scan result on the screen #Title: [Microsoft IIS tilde character "~" Vulnerability/Feature -- Short File/Folder Name Disclosure, Recoverable DoS] #Date: [ - Vendor Awareness: 3 August 2010 - Vendor Response: 4 Jan 2011 Recoverable DoS issues will be addressed in a Service Pack or next version fix - Last Vendor Response Result for Tilde "~" Vulnerability: As it has already been rectified in latest versions of .Net & IIS which follow best practices, Microsoft does not have any plan to change the other versions. - Published: 29 June 2012 ] #Application Name: [Microsoft IIS, .Net Framework] #Version: [All versions of IIS except IIS 7.5 and on .Net Framework 4] #Impact: [Unknown] #Reference(s): [ - http://www.secproject.com ] #Credit: [ - Soroush Dalili (@irsdl) - Ali Abbasnejad ]