How to fix the IIS short file/folder name disclosure vulnerability
Recently a security scan of our website reported a vulnerability: IIS short file/folder name disclosure.
Related vulnerability testing tool: http://www.bkjia.com/softs/550780.html
Vulnerability level: medium risk. Affected address: all websites.
While searching for a fix I learned how the vulnerability works. IIS accepts the wildcards "*" and "?" in request paths, and when a request path contains a tilde "~" (the character NTFS puts in 8.3 short names) IIS responds differently depending on whether a matching file exists. Based on this behaviour, an attacker can tell an existing file from a non-existent one purely from the HTTP response. In the example below, a file validxxx.xxx exists in the web root, where xxx.xxx stands for the characters and extension that are still unknown and have to be guessed. The only thing that differs between IIS versions is which error code is returned, which is what the attacker uses to decide whether a file exists.
For example, the short file name guessing method for an IIS 6 website http://www.xxx.com (the site must support .aspx, which can be checked by requesting x.aspx):
A request for http://www.xxx.com/a*~1*/.aspx that returns 404 means a file axxx.xxx whose name starts with "a" exists (the remaining letters and the extension xxx.xxx still have to be guessed).
A request for http://www.xxx.com/a*~1*/.aspx that returns 400 means no file starting with "a" exists (the remaining letters and the extension would still have to be guessed for other starting letters).
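The guessing procedure above can be scripted, which is also the quickest way to re-check a server after applying a fix. The PowerShell below is an added example written for this page; it is neither the tool linked earlier nor code from the original article. http://www.xxx.com is the article's placeholder host, and the 404 = exists / 400 = absent rule is the IIS 6 rule stated above; other IIS versions may answer differently, so treat any other code as "unknown" rather than as a hit. The extension to longer prefixes (short names keep at most six characters before "~1") is the general form of the letter-by-letter guessing the article describes.

```powershell
# Added example: probe an IIS host for 8.3 short-name disclosure using the
# request form from the article: /<prefix>*~1*/.aspx
# Target host and the 404/400 interpretation are assumptions (IIS 6 behaviour).

function Test-ShortNamePrefix {
    param(
        [Parameter(Mandatory)][string]$BaseUrl,   # e.g. http://www.xxx.com (placeholder)
        [Parameter(Mandatory)][string]$Prefix     # e.g. "a"
    )
    $url = "$($BaseUrl.TrimEnd('/'))/$Prefix*~1*/.aspx"
    try {
        $resp = Invoke-WebRequest -Uri $url -Method Get -UseBasicParsing -ErrorAction Stop
        $code = [int]$resp.StatusCode
    } catch {
        # Invoke-WebRequest throws on 4xx/5xx; the code is on the response object
        # in both Windows PowerShell (WebException) and PowerShell 7 (HttpResponseException).
        if ($_.Exception.Response) { $code = [int]$_.Exception.Response.StatusCode } else { throw }
    }
    switch ($code) {
        404     { $state = 'exists'  }   # a short name matching <prefix>* exists
        400     { $state = 'absent'  }   # nothing matches <prefix>*
        default { $state = 'unknown' }   # different IIS version / filtering in the way
    }
    [pscustomobject]@{ Prefix = $Prefix; Url = $url; Status = $code; Result = $state }
}

function Find-ShortNamePrefixes {
    # Depth-first extension of every prefix that IIS confirms, up to the
    # 6-character body of an 8.3 name. Every confirmed prefix is returned;
    # the longest ones are the best guesses for the real short names.
    param(
        [Parameter(Mandatory)][string]$BaseUrl,
        [string]$Prefix   = '',
        [int]$MaxLength   = 6,
        [string]$Alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789_-'
    )
    $found = [System.Collections.Generic.List[object]]::new()
    foreach ($ch in $Alphabet.ToCharArray()) {
        $candidate = $Prefix + $ch
        $r = Test-ShortNamePrefix -BaseUrl $BaseUrl -Prefix $candidate
        if ($r.Result -ne 'exists') { continue }
        $found.Add($r)
        if ($candidate.Length -lt $MaxLength) {
            foreach ($deeper in (Find-ShortNamePrefixes -BaseUrl $BaseUrl -Prefix $candidate `
                                    -MaxLength $MaxLength -Alphabet $Alphabet)) {
                $found.Add($deeper)
            }
        }
    }
    $found
}

# Usage (placeholder host from the article):
# Find-ShortNamePrefixes -BaseUrl 'http://www.xxx.com' | Format-Table Prefix, Status, Result
```

After the fix described later on this page has been applied, every first-letter probe should come back as "absent" or "unknown"; a single "exists" means a file with a short name is still being served. Before trusting an "exists" on anything other than IIS 6, probe a prefix that cannot exist (for example a long random string) and confirm the server really distinguishes the two cases.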
Defense methods
Hazard level: low
IIS short file name disclosure vulnerability
WASC Threat Classification
Description: Microsoft IIS has a file enumeration vulnerability. An attacker can exploit it to enumerate the files in the web server's root directory.
1. Internet Information Services (IIS) is a web server that runs on Microsoft Windows.
Hazards: an attacker can use the "~" character to guess or traverse file names on the server, or launch a denial-of-service attack against the .NET Framework on the IIS server.
Cause: NTFS 8.3 file name creation has not been disabled.
Vulnerability fix:
Much of the information I found online did not actually fix the problem. The common advice online is to upgrade the .NET Framework to 4.0 to fix this vulnerability. However, our system's framework was already version 4.0 and the scanner still reported the vulnerability.
Putting the information together, the repair procedure is:
Disable NTFS 8.3 file name creation. This feature is enabled by default and is not needed by most users.
If you are on shared (virtual) hosting, contact your hosting provider to apply the fix.
1. Modify the registry value (restart the server for it to take effect):
HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation
Set the value to 1.
2. Alternatively, run the following at a command prompt (it sets the same registry value as step 1): fsutil behavior set disable8dot3 1
3. If your web environment does not need ASP.NET, open Internet Information Services (IIS) Manager, go to Web Service Extensions, select ASP.NET and set it to Prohibited.
4. Upgrade the .NET Framework to version 4.0 or later.
5. Remove the existing IIS site directory and redeploy it; the fix is complete only after this step. (For example, if the directory is wwwjb51, first create a new directory wwwjb512, then rename it back to wwwjb51.)
Copy the contents of the web folder to another location, for example D:\www to D:\www.back, delete the original folder D:\www, then rename D:\www.back to D:\www. Disabling 8.3 name creation only affects files created afterwards; unless the files are copied again, the existing short file names remain.
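The procedure in steps 1, 2 and 5 can be carried out and verified from an elevated PowerShell prompt. The script below is an added example written for this page, not the article author's own tooling. It uses the article's example paths D:\www and D:\www.back (adjust them for your site) and assumes the site runs under IIS on that host. The order matters: 8.3 creation must be disabled and the server rebooted before the files are copied, otherwise the copies get short names again; the script enforces this with a check on the registry value.

```powershell
# Added example: apply the 8.3 short-name fix from the article and verify it.
# Paths are the article's placeholders; run elevated on the IIS host.
param(
    [string]$WebRoot = 'D:\www',
    [string]$Backup  = 'D:\www.back',
    [ValidateSet('Disable8dot3', 'Recreate', 'Verify')][string]$Phase = 'Verify'
)

$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'
$regName = 'NtfsDisable8dot3NameCreation'

function Get-8dot3Setting {
    # Current registry value: 0 = short names are still being created, 1 = disabled.
    (Get-ItemProperty -Path $regPath -Name $regName).$regName
}

function Get-ShortNamesIn {
    param([string]$Path)
    # "dir /x" prints the 8.3 name (upper case, e.g. DEFAUL~1.ASP) between the size
    # and the long name. This regex is a heuristic for that column; an upper-case
    # long name that happens to contain "~1" would also match, so review the output.
    cmd /c "dir /x /s /a-d `"$Path`"" |
        Where-Object { $_ -cmatch '\s[A-Z0-9_~-]{1,6}~\d+(\.[A-Z0-9_~-]{1,3})?\s' }
}

switch ($Phase) {
    'Disable8dot3' {
        # Steps 1 and 2 of the article write the same value; both forms are shown.
        Set-ItemProperty -Path $regPath -Name $regName -Value 1 -Type DWord
        fsutil behavior set disable8dot3 1
        "NtfsDisable8dot3NameCreation is now $(Get-8dot3Setting). Reboot, then run -Phase Recreate."
    }
    'Recreate' {
        if ((Get-8dot3Setting) -ne 1) { throw 'Disable 8.3 name creation and reboot first.' }
        # Stop IIS so nothing under the web root is locked while it is replaced.
        iisreset /stop
        # /E copies all subfolders, /COPYALL keeps NTFS ACLs, owner and timestamps.
        # robocopy exit codes below 8 mean success.
        robocopy $WebRoot $Backup /E /COPYALL /R:1 /W:1 /NFL /NDL
        if ($LASTEXITCODE -ge 8) { iisreset /start; throw "robocopy failed with exit code $LASTEXITCODE" }
        Remove-Item -Path $WebRoot -Recurse -Force
        Rename-Item -Path $Backup -NewName (Split-Path $WebRoot -Leaf)
        iisreset /start
        "Web root recreated without short names. Run -Phase Verify to confirm."
    }
    'Verify' {
        $leftovers = @(Get-ShortNamesIn -Path $WebRoot)
        if ($leftovers.Count -eq 0) {
            "No 8.3 short names remain under $WebRoot."
        } else {
            "Files under $WebRoot that still have 8.3 short names:"
            $leftovers
        }
    }
}
```

Run the script three times: `.\Fix-Iis8dot3.ps1 -Phase Disable8dot3`, reboot, `.\Fix-Iis8dot3.ps1 -Phase Recreate`, then `.\Fix-Iis8dot3.ps1 -Phase Verify` (the file name is an assumption). On Windows Server 2008 R2 and later there is also a built-in way to remove the existing short names in place instead of copying the directory, `fsutil 8dot3name strip /s D:\www` (test first with `/t`); this is not part of the article's procedure, and because some applications store short paths in the registry you should check the scan results it prints before stripping for real.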
After this operation a penetration scan was run again and no IIS short file name vulnerability was found.