IIS Tilder Vulnerebility "~" Fix on Azure

I'm writting a website and right now doing the penetration test. However my test keep failed on the windows short file disclosure issue. You can refer the link as i posted [login to view URL]

Each time enter [login to view URL]*~1, my IIS will return Error 404 instead of custom error page. My client is using Azure VM Server 2012R2 and running IIS 8.5 at the moment.

I've tried the following:

1. Deny URL sequence with "~" in Request Filtering in IIS.

2. Used URL rewrite with pattern (^[^\?]\~.\?.$)|(^[^\?]\~.*$), action: Abort Request

3. Tried URLScan 3.1 but seem no more working for IIS 8.5.

4. Tried with new project and create only 1 html file for test.

5. Disabled NtfsDisable8dot3NameCreation under registry.

6. Scanned c:\inetpub and there is 0 window short file name.

7. Run windows update

All above with no luck. If you got better solution, please let me know and i will reward you.

Attached with my [login to view URL] file for your reference.

Квалификация: IIS, Azure, Windows Server, ASP.NET

Показать больше htaccess rewrite html, javascript rewrite html, javascript rewrite html site, form fix page code php html, lighttpd rewrite html, perl cgi rewrite html, wordpress mod rewrite html, fix emails outlook 2007 html css, rewrite html page, asp rewrite html, rewrite html java, rewrite html element javascript, fix layout php dom html, htaccess rewrite html subdomain, fix rss feed showing html tags, fix resolution web page html, fix validation error flash html

О работодателе:
( 0 отзыв(-а, -ов) ) Kuala Lumpur, Malaysia

ID проекта: #23519780

2 фрилансеров(-а) в среднем готовы выполнить эту работу за $25


Hi I'm able to test it in my Lab. Have you tried setting errorMode to "Custom" on IIS server instead of site. If you can share your screen I can try to fix the issue.

$20 USD за 1 день
(21 отзывов(-а))

Hi, can I help you with your project? I have experience in -Administration / management of systems and security in Linux, Windows Kali Linux Pentesting nmap metaesploit -Development of Java, VB.NET, PHP, SQL, MySQL, P Больше

$30 USD за 7 дней(-я)
(1 отзыв)