I have seen an article on the "ASP.NET virtual host" on the Internet, I didn't care, I didn't care, friends who did the ASP virtual host may know that set a separate independent for each user. The server users and individual directory operation permissions can basically solve the FSO problem of the ASP.
Inadvertently discovered an Asp.Net-Webshell called WebAdmin, when I tested my server, I was shocked, and I actually had read permissions to the C drive of my server. And the modification of the entire hard disk is deleted. In this case, then the security of my server ...
In order to further confirm, I have made tests on some famous virtual host providers in China, and they have the same problem as me.
