#TodayILearned
IIS


Last updated 4 years ago

Microsoft IIS contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when IIS parses a request that contains a tilde character (~), and it may allow a remote attacker to learn file and folder names.

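# Install jenv to switch between JDK versions and enable it in zsh
brew install jenv
echo 'export PATH="$HOME/.jenv/bin:$PATH"' >> ~/.zshrc
echo 'eval "$(jenv init -)"' >> ~/.zshrc
# Tap that provides older JDK casks
brew tap homebrew/cask-versions
# Register the default JDK and the Zulu 7 JDK (it must already be installed at this path)
jenv add "$(/usr/libexec/java_home)"
jenv add /Library/Java/JavaVirtualMachines/zulu-7.jdk/Contents/Home/
# Confirm the active version and check the jenv setup
jenv version
jenv doctor
# Fetch the scanner and pin Java 1.7 for its directory
git clone https://github.com/irsdl/IIS-ShortName-Scanner
cd IIS-ShortName-Scanner
jenv local 1.7
# Replace URL with the address of the IIS site being assessed
java -jar iis_shortname_scanner.jar URL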
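
Requests carrying the tilde character described above are recorded in IIS W3C logs, so they can be counted per client. The following is an added example, not part of the original page or the scanner project. The log sample is constructed, and the wildcard-plus-`~digit` pattern and the threshold of 3 are assumptions about what such traffic looks like.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed IIS W3C log sample (not real traffic); IPs are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-01-01 10:00:01 198.51.100.7 GET /index.aspx 200
2024-01-01 10:00:02 203.0.113.9 OPTIONS /*~1*/.aspx 404
2024-01-01 10:00:02 203.0.113.9 OPTIONS /a*~1*/.aspx 400
2024-01-01 10:00:03 203.0.113.9 OPTIONS /w%2A~1%2A/.aspx 404
2024-01-01 10:00:04 203.0.113.9 GET /we*~1*/.aspx 404
2024-01-01 10:00:05 198.51.100.7 GET /~alice/notes.html 200
2024-01-01 10:00:06 198.51.100.7 GET /REPORT~1.PDF 404
"""

# Assumption: enumeration requests pair a wildcard with "~<digit>" in one path segment.
PROBE_RE = re.compile(r"[*?][^/]*~\d|~\d[^/]*[*?]")

def parse_w3c(text):
    """Yield one dict per request, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def is_tilde_probe(uri_stem):
    """True when a path segment combines a wildcard with a ~digit suffix."""
    # Decode first so percent-encoded wildcards (%2A) are matched too.
    return bool(PROBE_RE.search(unquote(uri_stem)))

def find_tilde_probes(text, threshold=3):
    """Return {client_ip: probe_count} for clients at or above the threshold."""
    hits = Counter(
        row["c-ip"] for row in parse_w3c(text)
        if is_tilde_probe(row.get("cs-uri-stem", ""))
    )
    return {ip: n for ip, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    for ip, n in find_tilde_probes(SAMPLE_LOG).items():
        print(f"{ip}: {n} short-name probe requests")
```

Ordinary paths such as `/~alice/notes.html` and a direct request for `/REPORT~1.PDF` are not counted, because neither combines a wildcard with the `~digit` suffix.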

GitHub - irsdl/IIS-ShortName-Scanner: latest version of scanners for IIS short filename (8.3) disclosure vulnerability