iis-logging-disabled: IIS Logging Disabled

日期: 2025-08-01 | 影响软件: IIS | POC: 已公开

漏洞描述

Checks if IIS logging is disabled, which can hinder incident response.

PoC代码[已公开]

id: iis-logging-disabled

info:
  name: IIS Logging Disabled
  author: pussycat0x
  severity: medium
  description: |
    Checks if IIS logging is disabled, which can hinder incident response.
  reference:
    - https://wiki.devsecopsguides.com/docs/checklists/iis/
  tags: iis,windows,security,hardening,logging

file:
  - extensions:
      - all

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<configuration>"

      - type: word
        words:
          - '<logFile enabled="false"'
        negative: true
# digest: 4a0a00473045022100d14a4273f694ce9a72abdbbab913738fffa327312105e89529279ef0683b531c02204be1d741e6f58fe3cc3c572d36c0f40ae1ef420f17e1ac7d7f3655b36f896ff3:922c64590222798bb761d5b6d8e72950

来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./file/audit/iis/iis-logging-disabled.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐