Overview Clickjacking (UI redress attack) is a malicious technique of tricking a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects, including web pages. Affected versions IIS 7.x IIS 8.x Solution [...]
Read moreCategory: IIS
Disabling IIS Web Banner And Other IIS Headers
Overview Microsoft IIS loves to tell the world that a website runs on IIS. It does so with the Serverheader in the HTTP response, as shown below. In this post I’ll show you how to remove response server headers in IIS. You don’t want to give hackers too much information[...]
Read moreSweet 32 Attack - IIS
Overview Sweet32 affects TLS ciphers, also OpenSSL consider Triple DES cipher is now vulnerable as RC4 cipher . The DES ciphers (and triple-DES) only have a 64-bit block size. This enables an attacker to run JavaScript in a browser and send large amounts of traffic during the same TLS connection, creating[...]
Read moreRemote Denial of Service Attack in IIS 6/7
Overview CVE-2007-2897 Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM[...]
Read more