vk_*_*use 3 asp.net security iis url-rewriting
以下是我们在其中一个网站上的问题:
使用Windows文件系统速记字符和状态返回代码强制执行文件/目录名称
It is possible to find an unknown filename up to six characters by using shorthand file characters such as ~1 and
*Example: site.com/admin/uplo*~1*/.aspx
This attack relies on reading different error codes the webserver responds with when the file(s) exist or not. Let’s say the file upload.aspx exists in the directory admin. Our attacks responses would look like this:
site.com/admin/uplo*~1*/.aspx – IIS returns HTTP 404 File Not Found (valid file)
site.com/admin/uplp*~1*/.aspx – IIS returns HTTP 400 Bad Request (invalid file)
*Note that IIS 7.x responds with different error codes (0×0 when valid) instead of http status codes
更多详情 http://www.alertlogic.com/internet-information-server-iis-exploitation-2/
一种可能的解决方案: ...如果可能,您可能希望使用URL重写来禁止任何带有波形符的URL被接受...
问题: 怎么做?应该在url重写规则中使用什么正则表达式来丢弃网站上所有URL中的〜字符(ASP.NET 3.5)
可以通过执行以下任一操作来修复它:
1. Install .NET 4.0 on the web server.
要么
2. Install and configure IIS URLScan module (do not allow ~ chars in the URL by adding ~ to [DenyUrlSequences] section).
在此处查找更多有用的信息:http: //weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx
| 归档时间: |
|
| 查看次数: |
16295 次 |
| 最近记录: |