IIS Tilder Vulnerebility "~" Fix on Azure

Closed Posted 4 years ago Paid on delivery
Closed Paid on delivery

I'm writting a website and right now doing the penetration test. However my test keep failed on the windows short file disclosure issue. You can refer the link as i posted [login to view URL]

Each time enter [login to view URL]*~1, my IIS will return Error 404 instead of custom error page. My client is using Azure VM Server 2012R2 and running IIS 8.5 at the moment.

I've tried the following:

1. Deny URL sequence with "~" in Request Filtering in IIS.

2. Used URL rewrite with pattern (^[^\?]\~.\?.$)|(^[^\?]\~.*$), action: Abort Request

3. Tried URLScan 3.1 but seem no more working for IIS 8.5.

4. Tried with new project and create only 1 html file for test.

5. Disabled NtfsDisable8dot3NameCreation under registry.

6. Scanned c:\inetpub and there is 0 window short file name.

7. Run windows update

All above with no luck. If you got better solution, please let me know and i will reward you.

Attached with my [login to view URL] file for your reference.

IIS Azure Windows Server ASP.NET

Project ID: #23519780

About the project

2 proposals Remote project Active 4 years ago

2 freelancers are bidding on average $25 for this job

dsengar121

Hi I'm able to test it in my Lab. Have you tried setting errorMode to "Custom" on IIS server instead of site. If you can share your screen I can try to fix the issue.

$20 USD in 1 day
(21 Reviews)
4.4
yhonnyocho

Hi, can I help you with your project? I have experience in -Administration / management of systems and security in Linux, Windows Kali Linux Pentesting nmap metaesploit -Development of Java, VB.NET, PHP, SQL, MySQL, P More

$30 USD in 7 days
(1 Review)
1.0