重写URL以删除波浪号
[英]URL rewrite to remove tildes
问题描述
During my company's annual security/penetration test, the following problem came up regarding tildes and shortname files for aspx pages: 
在我公司的年度安全性/渗透性测试期间,出现以下问题,涉及aspx页面的波浪号和简称文件:
Here is the white paper on the subject. 这是关于该主题的白皮书。 It looks like a relatively newly discovered vulnerability (the paper is from June 2012) where inserting tildes in the right place in the url allows you to find the shortnames of your aspx files. 它看起来像是一个相对较新发现的漏洞(该论文是2012年6月发布的),在该漏洞中,在url的正确位置插入波浪号可让您查找aspx文件的简称。 I'm looking for a way to remove all tildes from a web request made to our website to prevent this. 我正在寻找一种方法来删除对我们网站提出的Web请求中的所有波浪号,以防止出现这种情况。
The white paper suggests upgrading to IIS 7, but that's a major project that can't be completed very quickly. 白皮书建议升级到IIS 7,但这是一个重大项目,无法很快完成。 We're using C# .NET 4.0/IIS 6. Anyone with experience here that could point me in the right direction? 我们正在使用C#.NET 4.0 / IIS 6.在这里有经验的人可以为我指明正确的方向吗?
1 个解决方案
解决方案1
1 2012-11-26 12:29:57
You could just add the following code to global.asax : 您可以将以下代码添加到global.asax:
Protected Sub Application_BeginRequest(ByVal sender As Object, ByVal e As System.EventArgs)
If HttpContext.Current.Request.RawUrl.Contains("~") Then
'do whatever - eg: stip the ~ or redirect to error page
End If
End Sub
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.