Click here to download the paper.
Two security issues have been reported via this security research:
1- IIS Short File/Folder Name Disclosure by using tilde “~” character:
2- .Net Framework Tilde Character DoS:
Workaround and Prevention:
We are working with security vendors to come up with a solution to mitigate the risk of these vulnerabilities. The paper PDF file will be updated accordingly.
IIS Shortname Scanner PoC – Source Code: http://code.google.com/p/iis-shortname-scanner-poc/
PoC Video:
Click here to download the paper.
Download Link:
http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf