本文 翻译 自 exploit-db.com,is hard to force Amderma children's shoes after hours of tossing,reproduced, please renowned provenance,tks. E Wen too the dish,if there is an error, please you greatly more correct.
IIS is Microsoft using the Microsoft windows feature extension modules created a set ofweb serverapplication, is the world's third most popular Server.
Vulnerability research team discovered a Microsoft IIS vulnerability,the attacker can use the one that contains the"~"in the get request,to keep files on the server and the folder is leakage,
IIS 1.0, Windows NT 3.51
IIS 2.0, Windows NT 4.0
IIS 3.0, Windows NT 4.0 Service Pack 2
IIS 4.0, Windows NT 4.0 Option Pack
IIS 5.0, Windows 2 0 0 0
IIS 5.1, Windows XP Professional and Windows XP Media Center Edition
IIS 6.0, Windows Server 2 0 0 3 and Windows XP Professional x64 Edition
IIS 7.0, Windows Server 2 0 0 8 and Windows Vista
IIS 7.5, Windows 7 (remote on error or no web. config configuration file of the case)
IIS 7.5, Windows 2 0 0 8 (classic managed pipeline mode)
Vulnerability analysis with the use of:
If the site is running in IIS on the server, by"~"to find some files and folders,attacker can find important files or folders, if these files or folders is a normal visible file.
On the vulnerability of in-depth analysis can refer to the following connection in the article: