27 lines
695 B
YAML
27 lines
695 B
YAML
id: iis-shortname
|
|
info:
|
|
name: iis-shortname
|
|
author: nodauf
|
|
severity: info
|
|
description: If IIS use old .Net Framwork it's possible to enumeration folder with the symbol ~.
|
|
|
|
# References:
|
|
# - https://github.com/lijiejie/IIS_shortname_Scanner
|
|
# - https://www.exploit-db.com/exploits/19525
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/N0t4xist*~1*/a.aspx"
|
|
- "{{BaseURL}}/*~1*/a.aspx'"
|
|
- method: OPTIONS
|
|
path:
|
|
- "{{BaseURL}}/N0t4xist*~1*/a.aspx"
|
|
- "{{BaseURL}}/*~1*/a.aspx'"
|
|
|
|
matchers:
|
|
- type: dsl
|
|
name: iis-scan
|
|
dsl:
|
|
- "status_code_1!=404 && status_code_2 == 404 || status_code_3 != 404 && status_code_4 == 404"
|