IIS Short File/Folder Name Disclosure (IIS short file or folder name

Website building 2023-02-09 11:10 www.1681989.com free website
I. Background
---------------------
"IIS is a web server application and set of
feature extension modules created by Microsoft for use with Microsoft Windows.
IIS is the third most popular server in the world." (Wikipedia)
II. Summary
---------------------
Vulnerability Research Team discovered a vulnerability in
Microsoft IIS.
The vulnerability is caused by a tilde character "~" in a GET request, which could allow remote attackers
to disclose file and folder names.
III. Affected Products
---------------------------
    IIS 1.0, Windows NT 3.51
    IIS 2.0, Windows NT 4.0
    IIS 3.0, Windows NT 4.0 Service Pack 2
    IIS 4.0, Windows NT 4.0 Option Pack
    IIS 5.0, Windows 2000
    IIS 5.1, Windows XP Professional and Windows XP Media Center Edition
    IIS 6.0, Windows Server 2003 and Windows XP Professional x64 Edition
    IIS 7.0, Windows Server 2008 and Windows Vista
    IIS 7.5, Windows 7 (error remotely enabled or no web.config)
    IIS 7.5, Windows 2008 (classic pipeline mode)
    Note: Does not work when IIS uses .Net Framework 4.
IV. Binary Analysis & Exploits/PoCs
---------------------------------------
The tilde character "~" can be used to find the short names of files and folders when the website is running on IIS.
An attacker can find important files and folders that are not normally visible.
In-depth technical analysis of the vulnerability and a functional exploit
are available through:
http://soroush.secproject./blog/2012/06/microsoft-iis-tilde-character-vulnerabilityfeature-short-filefolder-name-disclosure/
V. Solution
----------------
There are still workarounds through Vendor and security vendors.
Using a configured WAF may be useful (discarding web requests including the tilde "~" character).
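The tilde check described above, written as log-side detection in Python. This is an added example, not code from the advisory or from any vendor. It assumes IIS W3C extended logs with the `c-ip` and `cs-uri-stem` fields; the threshold, the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Shape of an 8.3 short name inside a path: up to six characters, "~", a digit.
SHORTNAME = re.compile(r"[^/]{1,6}~[0-9]")

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so %7E and %257E both surface as '~'."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def has_tilde(path):
    """Blanket rule from the advisory: any '~' in the request path."""
    return "~" in decode_fully(path)

def parse_w3c(lines):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def suspicious_clients(lines, threshold=3):
    """Return {client_ip: hits} for clients with >= threshold short-name requests."""
    hits = Counter()
    for rec in parse_w3c(lines):
        if SHORTNAME.search(decode_fully(rec.get("cs-uri-stem", ""))):
            hits[rec.get("c-ip", "?")] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

# Constructed sample log (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """#Fields: date time c-ip cs-method cs-uri-stem sc-status
2023-02-09 11:10:01 198.51.100.7 GET /BACKUP~1.ZIP 404
2023-02-09 11:10:01 198.51.100.7 GET /ADMINI%7E1/ 404
2023-02-09 11:10:02 198.51.100.7 GET /WEBCON%257e1.BAK 404
2023-02-09 11:10:05 203.0.113.9 GET /~alice/index.html 200
2023-02-09 11:10:06 203.0.113.9 GET /default.aspx 200
""".splitlines()

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
```

The blanket `has_tilde` rule also matches legitimate paths such as `/~alice/`, while the narrower short-name pattern does not, which is the trade-off to weigh before discarding every request that contains a tilde.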
VII. References
----------------------
http://support.microsoft./kb/142982/en-us
http://soroush.secproject./blog/2010/07/iis5-1-directory-authentication-bypass-by-usg-i30dex_allocation/
