IIS 7.5 website application pool with 'full control' permissions hackable?
Posted
by
Caroline Beltran
on Server Fault
See other posts from Server Fault
or by Caroline Beltran
Published on 2014-06-10T02:35:58Z
Indexed on
2014/06/10
15:27 UTC
Read the original article
Hit count: 259
Although I would never set this permission, I would like to know how a static html website with the permission mentioned in the title could be compromised.
In my humble opinion, I would guess that this would pose no threat since a web visitor has no way to upload/edit/delete anything.
What if the site was a simple PHP website that simply displayed ‘hello world’? What if this PHP site had a contact us form that was properly sanitized?
Thank you
EDIT: I should mention that restricting IIS to GET and POST requests only, otherwise people anybody can delete and upload content.
© Server Fault or respective owner