IIS_shortname_Scanner icon indicating copy to clipboard operation
IIS_shortname_Scanner copied to clipboard

Published 20 hours ago verified publisher icon lijiejie

Metadata

an IIS shortname Scanner

IIS shortname Scanner

Under certain circumstances, windows 8.3 short names may be bruteforce enumerated under IIS with .net enabled,

request these two urls:

  • http://www.target.com/~1***/a.aspx

  • http://www.target.com/l1j1e*~1****/a.aspx

If the first one return HTTP 404 and the second one return no 404. Your server might be exploitable to this vulnerability.

Change Log (Oct 27, 2016)

  • Bug fixed: extention short than 4 letters like /webdeb~1.cs now could be enumerated
  • Code reconstruction

Usage

	iis_shortname_Scan.py target

from http://www.lijiejie.com my[at]lijiejie.com

Metadata

430
Stars
230
Forks
Watchers

Owner

verified publisher icon lijiejie

Metadata

an IIS shortname Scanner

Back