question

Chinz2013-6154 avatar image
Chinz2013-6154 asked ·

Azure IIS Tilde "~" Vulnerebility

My client got a website and right now doing the penetration test. However my test keep failed on the windows short file disclosure issue. You can refer the link as i posted https://forums.iis.net/p/1248972/2158325.aspx?Re+IIS+Custom+Error+Page+not+working+for+

Each time enter https://www.website.com/*~1, my application will return Error 404 instead of custom error page. My client is using Azure VM Server 2012R2 and running IIS 8.5 at the moment.

I've tried the following:

 1. Deny URL sequence with "~" in Request Filtering in IIS.
 2. Used URL rewrite with pattern (^[^\?]\~.\?.$)|(^[^\?]\~.*$), action: Abort Request
 3. Tried URLScan 3.1 but seem no more working for IIS 8.5.
 4. Tried with new project and create only 1 html file for test.
 5. Disabled NtfsDisable8dot3NameCreation under registry.
 6. Scanned c:\inetpub and there is 0 window short file name.
 7. Run windows update 

All above with no luck. If you got better solution,

azure-virtual-machines
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

0 Answers