Tilde Shortname
The Shortname vulnerability exists by default on IIS-hosted websites in order to maintain compatibility with legacy software.
For some reason, Microsoft does not see this as a vulnerability, much as WordPress does not see the XML-RPC pingback function as a vulnerability.
It is up to administrators themselves to resolve this issue.
Tilde Shortname Scanner GitHub
Issue
An attacker may be able to enumerate the first six characters of files and folders as well as the first three characters of the file extension.
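To show which parts of a long filename end up in its short name, here is an added example (not from the original page or from the scanner project) that predicts the 8.3 alias for each entry in a web-root listing. It is a simplified model of Windows short-name generation. The function names and the sample listing are constructed, and the ~N numbering follows sorted order here, whereas on disk it follows creation order.

```python
import re
from collections import defaultdict

# Legal in long names but not in 8.3 names; replaced with "_" in the alias.
ILLEGAL_83 = re.compile(r"[+,;=\[\]]")

def split_ext(name):
    """Split on the last dot; a name without a dot has an empty extension."""
    base, dot, ext = name.rpartition(".")
    return (base, ext) if dot else (name, "")

def alias_stem(name):
    """Return (base, ext) of the generated 8.3 alias, or None when the long
    name is already a valid 8.3 name and no ~N alias is created for it."""
    base, ext = split_ext(name)
    if (0 < len(base) <= 8 and len(ext) <= 3 and "." not in base
            and " " not in name and not ILLEGAL_83.search(name)):
        return None
    # Spaces and leading dots are dropped, illegal characters become "_".
    cleaned = ILLEGAL_83.sub("_", name.replace(" ", "").lstrip(".")).upper()
    base, ext = split_ext(cleaned)
    # Only six characters of the base and three of the extension survive.
    return base.replace(".", "")[:6], ext[:3]

def audit(names):
    """Map predicted alias -> long name whose leading characters it discloses."""
    seen, report = defaultdict(int), {}
    for name in sorted(names):
        stem = alias_stem(name)
        if stem is None:
            continue
        seen[stem] += 1
        if seen[stem] > 4:
            # From the fifth collision on, Windows uses a hash-based alias (not modelled).
            report[f"<hash-based alias for {name}>"] = name
            continue
        base, ext = stem
        report[f"{base}~{seen[stem]}" + (f".{ext}" if ext else "")] = name
    return report

# Constructed web-root listing, for illustration only.
SAMPLE = ["web.config", "login.asp", "index.html", "admin panel.aspx",
          "database_backup_2019.sql.bak", "database_backup_2020.sql.bak"]

if __name__ == "__main__":
    for alias, name in audit(SAMPLE).items():
        print(f"{alias:<14} <- {name}")
```

Names that already fit the 8.3 pattern, such as login.asp, get no tilde alias and are left out of the report.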
Syntax
java -jar iis_shortname_scanner.jar 2 20 http://example.com/
java -jar iis_shortname_scanner_jdk7.jar 2 20 https://example.com/