Add web_iis_tilt_shortname_scan.yml
This commit is contained in:
frack113
@@ -0,0 +1,30 @@
|
||||
title: Successful IIS Shortname Fuzzing Scan
|
||||
id: 7cb02516-6d95-4ffc-8eee-162075e111ac
|
||||
status: experimental
|
||||
author: frack113
|
||||
description: When IIS uses an old .Net Framework it's possible to enumeration folder with the symbol ~.
|
||||
references:
|
||||
- https://github.com/projectdiscovery/nuclei-templates/blob/master/fuzzing/iis-shortname.yaml
|
||||
- https://www.exploit-db.com/exploits/19525
|
||||
- https://github.com/lijiejie/IIS_shortname_Scanner
|
||||
date: 2021/10/06
|
||||
tags:
|
||||
- attack.initial_access
|
||||
- attack.t1190
|
||||
logsource:
|
||||
category: webserver
|
||||
detection:
|
||||
selection:
|
||||
c-uri|contains: '~1'
|
||||
c-uri|endswith: 'a.aspx'
|
||||
cs-method:
|
||||
- GET
|
||||
- OPTIONS
|
||||
#only succes
|
||||
sc-status:
|
||||
- 200
|
||||
- 301
|
||||
condition: selection
|
||||
falsepositives:
|
||||
- Unknown
|
||||
level: medium
|
||||
Reference in New Issue
Block a user