IIS 7.5 website application pool with 'full control' permissions hackable?

Posted by Caroline Beltran on Server Fault See other posts from Server Fault or by Caroline Beltran
Published on 2014-06-10T02:35:58Z Indexed on 2014/06/10 15:27 UTC
Read the original article Hit count: 264

Filed under:
|

Although I would never set this permission, I would like to know how a static html website with the permission mentioned in the title could be compromised.

In my humble opinion, I would guess that this would pose no threat since a web visitor has no way to upload/edit/delete anything.

What if the site was a simple PHP website that simply displayed ‘hello world’? What if this PHP site had a contact us form that was properly sanitized?

Thank you

EDIT: I should mention that restricting IIS to GET and POST requests only, otherwise people anybody can delete and upload content.

© Server Fault or respective owner

Related posts about iis7.5

Related posts about hacking