iis-directory-browsing: IIS Directory Browsing Detection

日期: 2025-08-01 | 影响软件: IIS directory browsing | POC: 已公开

漏洞描述

Ensures IIS directory browsing is disabled to prevent exposure of file structures.

PoC代码[已公开]

id: iis-directory-browsing

info:
  name: IIS Directory Browsing Detection
  author: pussycat0x
  severity: high
  description: |
    Ensures IIS directory browsing is disabled to prevent exposure of file structures.
  reference:
    - https://wiki.devsecopsguides.com/docs/checklists/iis/
  tags: iis,windows,file,hardening

file:
  - extensions:
      - all

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<system.webServer>"

      - type: word
        words:
          - '<directoryBrowse enabled="true" />'
        negative: true
# digest: 4a0a00473045022100a9b78b8fd2902c89717d71b1455d7965921aeab7d00a24cdd93186e592af46ca02203d974f7dac2a56eb58d1f2d31c059d5ad2149f911f98811dcb2507092b05b420:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./file/audit/iis/iis-directory-browsing.yaml