Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

IIS short scanner module (Tilde enumeration) - multiple files with same prefix #28

Closed
0xea31 opened this issue Jul 11, 2019 · 2 comments · Fixed by #30
Closed

IIS short scanner module (Tilde enumeration) - multiple files with same prefix #28

0xea31 opened this issue Jul 11, 2019 · 2 comments · Fixed by #30
Assignees
Labels
bug Something isn't working

Comments

@0xea31
Copy link

0xea31 commented Jul 11, 2019

There might be a problem with files with multiple dots.

For instance, web.config.old is discovered as web~1.con

Screenshot from 2019-07-11 21-45-27

iis_shortname_Scan.py finds the same file as webcon~1.old*

Screenshot from 2019-07-11 21-53-11

Side question: is there room to spot file with multiple dots?

@phra
Copy link
Owner

phra commented Jul 13, 2019

I investigated the issue and I discovered that both Rustbuster and the python IIS short name scanner implementation are bugged when multiple files with the same prefix exist.

Given two existing files web.config and web.config.old, we will see the following results:

  1. Rustbuster will stop at the shortest match, i.e. web.config
  2. IIS short name scanner won't match on web.config and will match on the longer web.config.old

I fixed Rustbuster and I am going to release a patched version.

image

Thanks for the report.

@phra phra self-assigned this Jul 13, 2019
@phra phra added the bug Something isn't working label Jul 13, 2019
@phra phra closed this as completed in #30 Jul 13, 2019
@phra
Copy link
Owner

phra commented Jul 13, 2019

https://github.com/phra/rustbuster/releases/tag/v3.0.2 was released to address this issue.

@phra phra changed the title IIS short scanner module (Tilde enumeration) - filenames with dots IIS short scanner module (Tilde enumeration) - multiple files with same prefix Jul 13, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants