Original Post: IIS welcome page to source code review to LFI! | by Omar Ahmed | Aug, 2024
This post narrates a user’s experience discovering a vulnerability in an IIS subdomain. Initially, the subdomain returned only the IIS welcome page. The user then ran the IIS-ShortName-Scanner tool, which showed that the subdomain was susceptible to the IIS Short File Name Disclosure vulnerability. Using ffuf, the user identified specific files and directories on the server and found an open-source web chat application.
Upon examining its source code, the user discovered security flaws tied to how the application handled a parameter for image files. The code’s logic allowed potential Local File Inclusion (LFI) exploits through path traversal and enabled Server-Side Request Forgery (SSRF) in specific circumstances.
The investigation further revealed that the server did not require a specific path to execute the exploit. The writeup concludes with the hope that the shared insights provide valuable and innovative approaches to readers.
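The image-parameter flaw described above can be illustrated from the defender's side. The following is an added example, not code from the original post or from the chat application, whose source the page does not show. It assumes a Windows host, Python for illustration, and hypothetical names (`IMAGE_ROOT`, `naive_resolve`, `resolve_image`); all sample inputs are constructed.

```python
from pathlib import PureWindowsPath
from typing import Optional

# Hypothetical upload directory on the IIS host (assumption, not from the post).
IMAGE_ROOT = PureWindowsPath(r"C:\inetpub\chat\uploads")
ALLOWED_EXT = {".png", ".jpg", ".jpeg", ".gif"}


def naive_resolve(param: str) -> PureWindowsPath:
    """Flawed pattern: trust the parameter and join it onto the image root."""
    return IMAGE_ROOT / param


def resolve_image(param: str) -> Optional[PureWindowsPath]:
    """Return a path under IMAGE_ROOT, or None if the parameter is unsafe."""
    # ':' covers URL schemes, drive letters and NTFS alternate data streams;
    # '%' means encoding survived the framework's single decode pass.
    if not param or any(c in param for c in ("\x00", "%", ":")):
        return None
    rel = PureWindowsPath(param)
    if rel.anchor:  # rooted path or UNC share (\\host\share\...)
        return None
    if ".." in rel.parts:  # parent-directory traversal
        return None
    if rel.suffix.lower() not in ALLOWED_EXT:
        return None
    return IMAGE_ROOT / rel


if __name__ == "__main__":
    # Constructed sample parameters.
    samples = [
        r"avatars\bob.png",
        r"..\..\web.config",
        r"\\fileserver.example\share\a.png",
        "http://internal.example/a.png",
    ]
    for s in samples:
        print(f"{s!r:40} naive={naive_resolve(s)}  hardened={resolve_image(s)}")
```

With the naive join, a UNC parameter replaces the root entirely, which is how a file-read parameter turns into an outbound request on Windows; the hardened version rejects it before any file API is called.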