IIS source code leakage and file type parsing errors

Source: Internet
Author: User
Vulnerability Description: IIS is Microsoft's web server and is very widely deployed. Besides ASP and ASP.NET it can also host PHP and other languages. 80sec found a serious security problem in recent versions of IIS: under the default configuration, depending on how the server is set up, it may disclose the source code of server-side scripts, and it may also hand a file of any type to PHP for parsing. A malicious user can use this against any IIS server that supports PHP; shared virtual hosting customers are the most exposed.


Vulnerability Analysis:
IIS can run PHP in CGI (or FastCGI) mode. When handling requests in this mode, IIS suffers from the same problem as the nginx vulnerability 80sec reported earlier: any remote user can make PHP parse a file of any type. The cause is PHP's cgi.fix_pathinfo option, which is enabled by default. With it on, a request for /robots.txt/1.php does not fail because 1.php is missing; PHP strips path components from the right until it reaches a file that exists (robots.txt), executes that file as a PHP script and passes the remainder (/1.php) as PATH_INFO. You can tell whether a target is exposed from how PHP is hosted (for example the "Server API" line in phpinfo() output): if it reads CGI or CGI/FastCGI, the vulnerability may exist.

Black box testing

Request an existing non-PHP file with a bogus .php path component appended and look at the response status and headers: if the server does not answer 404 but returns a PHP-generated response (for example 200 with an X-Powered-By: PHP header and the text file's contents echoed back), the file was executed as PHP and the server is vulnerable.

Http://www.80sec.com/robots.txt/1.php

Likewise, if the server supports PHP but the application itself is written in ASP, the ASP source can be read directly by requesting the ASP page in the same way. PHP does not recognise the <% %> ASP tags by default, so it outputs the file verbatim, including any credentials embedded in it:

Http://www.80sec.com/some.asp/1.php

Vulnerability vendor: http://www.microsoft.com

Solution:

We have attempted to contact the vendor. Until an official fix is available, the impact can be reduced as follows:

Set cgi.fix_pathinfo=0 in php.ini and recycle the FastCGI PHP processes (or restart IIS) so the new setting takes effect. With it disabled PHP no longer walks back along the request path looking for a script, so /robots.txt/1.php is just a missing file instead of an instruction to run robots.txt as PHP. Note that applications which rely on PATH_INFO-style URLs (for example index.php/controller/action) may stop working after this change, so test them before rolling it out.
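The path walk described in the analysis above, the probe URLs from the black-box test and the effect of cgi.fix_pathinfo=0 modelled in one added example (Python, not code from the 80sec advisory or from Microsoft). It never contacts a server: the document root is built in a temporary directory, and the response-reading heuristic in looks_vulnerable (status 200 plus an X-Powered-By header naming PHP) is this example's assumption, not a rule stated on the page.

```python
"""Model of how PHP's cgi.fix_pathinfo turns /robots.txt/1.php into an
execution of robots.txt, plus the black-box probe derived from it.
Added example; not code from the 80sec advisory, contacts no server.
The document root below is constructed in a temporary directory."""
import os
import tempfile
from urllib.parse import urljoin


def resolve_script(docroot, request_path, fix_pathinfo=True):
    """Return (script_path, path_info) as a CGI-hosted PHP would see it.

    fix_pathinfo=True (cgi.fix_pathinfo=1, the PHP default): PHP keeps
    stripping the last path component until the remainder names an
    existing file, which becomes the script; the stripped tail becomes
    PATH_INFO. So /robots.txt/1.php runs robots.txt with PATH_INFO=/1.php.
    fix_pathinfo=False (cgi.fix_pathinfo=0): the path is taken literally
    and nothing runs unless that exact file exists.
    """
    parts = [p for p in request_path.split("/") if p]
    if not fix_pathinfo:
        full = os.path.join(docroot, *parts)
        return (full, "") if os.path.isfile(full) else (None, "")
    for i in range(len(parts), 0, -1):
        candidate = os.path.join(docroot, *parts[:i])
        if os.path.isfile(candidate):
            tail = parts[i:]
            return candidate, ("/" + "/".join(tail)) if tail else ""
    return None, ""


def probe_url(base_url, known_file="robots.txt", suffix="1.php"):
    """URL for the advisory's black-box check: an existing non-PHP file
    with a bogus .php component appended, e.g. /robots.txt/1.php."""
    return urljoin(base_url, known_file.lstrip("/") + "/" + suffix)


def looks_vulnerable(status, headers):
    """Heuristic for reading the probe response (an assumption of this
    example, not a rule from the advisory): a 200 whose headers show PHP
    produced the response means the static file was executed as PHP.
    A server with cgi.fix_pathinfo=0 answers 404 instead."""
    lower = {k.lower(): v for k, v in headers.items()}
    return status == 200 and "php" in lower.get("x-powered-by", "").lower()


def build_demo_docroot():
    """Constructed sample docroot: a robots.txt and an ASP page, no PHP."""
    root = tempfile.mkdtemp(prefix="iis_fixpathinfo_")
    with open(os.path.join(root, "robots.txt"), "w") as f:
        f.write("User-agent: *\nDisallow: /admin/\n")
    with open(os.path.join(root, "some.asp"), "w") as f:
        f.write('<% Response.Write("db password lives here") %>\n')
    os.mkdir(os.path.join(root, "img"))  # a directory, never a script
    return root


if __name__ == "__main__":
    root = build_demo_docroot()
    for path in ("/robots.txt/1.php", "/some.asp/1.php", "/img/1.php"):
        for flag in (True, False):
            script, info = resolve_script(root, path, flag)
            name = script and os.path.basename(script)
            print(f"cgi.fix_pathinfo={int(flag)} {path:18} -> "
                  f"script={name} PATH_INFO={info!r}")
    print("probe:", probe_url("http://www.80sec.com/"))
```

Running it shows robots.txt and some.asp selected as the script only when fix_pathinfo is on; with it off every probe resolves to nothing, which is why the 404 on the probe URL is the signal that the mitigation is in place.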
