微信怎样偷偷定位好友 微信定位找人不被发现

微信怎样偷偷定位好友 微信定位找人不被发现

黑客平台hacker2020-10-30 8:00:002585A+A-

"IIS is a web server application and set of
feature extension modules created by Microsoft for use with Microsoft Windows.
IIS is the third most popular server in the world." (Wikipedia)
II. 概述
---------------------
Vulnerability Research Team discovered a  vulnerability
in Microsoft IIS.
The vulnerability is caused by a tilde character "~" in a Get request, which could allow remote attackers
to diclose File and Folder names.
III. 影响产品
---------------------------
    IIS 1.0, Windows NT 3.51
    IIS 2.0, Windows NT 4.0
    IIS 3.0, Windows NT 4.0 Service Pack 2
    IIS 4.0, Windows NT 4.0 Option Pack
    IIS 5.0, Windows 2000
    IIS 5.1, Windows XP Professional and Windows XP Media Center Edition
    IIS 6.0, Windows Server 2003 and Windows XP Professional x64 Edition
    IIS 7.0, Windows Server 2008 and Windows Vista
    IIS 7.5, Windows 7 (error remotely enabled or no web.config)
    IIS 7.5, Windows 2008 (classic pipeline mode)
    Note: Does not work when IIS uses .Net Framework 4.
IV. Binary Analysis & Exploits/PoCs
---------------------------------------
Tilde character "~" can be used to find short names of files and folders when the website is running on IIS. 
The attacker can find important file and folders that they are not normaly visible.
In-depth technical analysis of the vulnerability and a functional exploit
are available through:
http://soroush.secproject.com/blog/2012/06/microsoft-iis-tilde-character-vulnerabilityfeature-short-filefolder-name-disclosure/
V. 解决方案
----------------
There are still workarounds through Vendor and security vendors.
Using a configured WAF may be usefull (discarding web requests including the tilde "~" character).
VII. 参考
----------------------

(责任编辑:网络)

点击这里复制本文地址 以上内容由黑资讯整理呈现,请务必在转载分享时注明本文地址!如对内容有疑问,请联系我们,谢谢!

黑资讯 © All Rights Reserved.  
Copyright Copyright 2015-2020 黑资讯
滇ICP备19002590号-1
Powered by 黑客资讯 Themes by 如有不合适之处联系我们
网站地图| 发展历程| 留言建议| 网站管理