Description
In several versions of Microsoft IIS, it is possible to detect the short names of files and directories that have an 8.3 file naming scheme equivalent in Windows by using certain request vectors. For instance, it is possible to detect the short names of all ".aspx" files, as their extensions have 4 letters. This can be a major issue, especially for .NET websites that are vulnerable to direct URL access, as an attacker can find important files and folders that are not normally visible.
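To gauge exposure, the following added example (not part of the original advisory or of any referenced tool) audits a listing of web root paths and reports which components carry a separately generated 8.3 short name, and why. It assumes 8.3 name creation is enabled on the volume and applies simplified short-name rules; the function names and sample paths are hypothetical.

```python
from pathlib import PureWindowsPath

# Characters allowed in long names but not in 8.3 names (simplified rule set).
ILLEGAL_IN_83 = set(" +,;=[]")

def alias_reason(name):
    """Return why Windows must generate a separate 8.3 alias for `name`,
    or None if the name already fits 8.3 (no generated alias).
    Non-ASCII names are not modelled here."""
    if name.startswith("."):
        return "leading dot"
    if name.count(".") > 1:
        return "more than one dot"
    base, _, ext = name.partition(".")
    if len(base) > 8:
        return "base name longer than 8 characters"
    if len(ext) > 3:
        return "extension longer than 3 characters"
    if ILLEGAL_IN_83 & set(name):
        return "character not allowed in 8.3 names"
    return None

def audit(paths):
    """Map each path to the components that carry a generated short name."""
    report = {}
    for p in paths:
        hits = [(part, alias_reason(part))
                for part in PureWindowsPath(p).parts
                if alias_reason(part)]
        if hits:
            report[p] = hits
    return report

# Constructed sample listing of a web root (hypothetical paths).
SAMPLE = [
    r"admin\login.asp",
    r"admin\Default.aspx",
    r"App_Data\site.mdf",
    r"old site backup\index.htm",
    r"Web.config",
    r"backup_2019.zip",
]

if __name__ == "__main__":
    for path, hits in audit(SAMPLE).items():
        for part, reason in hits:
            print(f"{path}: '{part}' has an 8.3 alias ({reason})")
```

Every ".aspx" file is reported because its 4-letter extension can never fit the 3-character limit, which matches the observation in the description above.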
Remediation
Consult the "Prevention Technique(s)" section from Soroush Dalili's paper on this subject. A link to this paper is listed in the References section below.
References
Windows Short (8.3) Filenames - A Security Nightmare?
Detectify KB: Microsoft IIS Tilde Vulnerability
Microsoft IIS Shortname Scanner PoC
Microsoft IIS tilde character “~” Vulnerability/Feature – Short File/Folder Name Disclosure
IIS Short File Name Disclosure is back! Is your server vulnerable?