Microsoft IIS directory enumeration

Description

Kayran has detected the Microsoft IIS directory enumeration vulnerability.
By using the tilde character (“~”) in a GET or OPTIONS requests, it allows “guessing” short names and extensions of files and directories which have an 8.3 file naming scheme equivalent in Windows versions of Microsoft IIS.

Such vulnerability may lead to an issue especially for .Net based websites which are vulnerable to direct URL access (also known as path aliasing).
An attacker could find important files and folders that are not supposed to be accessible (and visible) to everyone.

Recommendation

To prevent this vulnerability, make sure to discard all web requests that are using the tilde character (“~”).
Also, add a registry key named :  
NtfsDisable8dot3NameCreation
to
HKLM\SYSTEM\CurrentControlSet\Control\FileSystem

Set the value of the key to 1 to mitigate all 8.3 name related conventions found on the server.

References

https://social.msdn.microsoft.com/Forums/en-US/3772293e-b91c-42e6-8516-9bf6184238b6/directory-enumeration-possible-on-web-server?forum=iissecurity

< Return to all Vulnerabilities

Crossing Scripts – XSS

Injections. SQL Injections. Cross-site Scripting (hence the amazing title “Crossing Scripts – XSS”). There all sorts of Injection-Based attacks, if you want to read about

Read More »

Servers 101

Let’s have a “quick” Servers 101 Course. Courtesy of Kayran! If you’ve been on the internet for over an hour, you probably already heard of

Read More »

APT vs. ATP

In this article we will talk about APT vs. ATP. In other words, Advanced Persistent Threat and Advanced Threat Protection and the context between these

Read More »