Talk about .NET Environmental Permissions (I have n'thing to enter a website last night)

xiaoxiao2021-03-06  73

Nothing these days, use ASP.NET (VB.NET) with a file controller in a .NET environment, you can operate files in the remote machine.

There is no free space for ASPX, and I have searched it online. I just applied for a free space. I applied for a user, transfer the 50K ASPX file, opened this page on my machine, um, good, space The speed is OK, and then I entered the function page I wrote this file manager. First, I first called to see the system information function, and found that the host provided the service is the current permission is Network Service user privilege. .

Specific information is as follows

Web Server Information

SystemDirectory C: / Windows / System32 / inetsrv

System had run time 2039.5442666667 minutes

Server IP xx.xx.xxx.xxx

Machine Name CNBOLNET

NET YUMING NTAORIRITY

Process User Name NetWork Service

OS Microsoft Windows NT 5.2.3790.0

IIS Version Microsoft-IIS / 6.0

I stunned, I thought this permission default words. . .

Then I run the CMD function in the web page (calling the other party's CMD) to see if I can add users, the result. . Haha, of course, is not so easy, but some simple commands can still be operated, it seems that this host is in the inside network, IP is 192.168.1.131, then call the written file manager's viewing process function, a little The process is displayed (reminding everyone to settle the permissions) It seems that the administrator is not particularly silly). . .

Next, I called to see the hard disk function, I found 10 hard drives, really a lot. . . It is worthy of suppliers for providing free services and charges. . Then I choose one of the hard drives. . . . Overture can go in and look at the file. . . Then I opened a web page and went to the home page of this website to see the file name of the main business. It is Default.asp, then call the file search function of the file manager. . . After a minute, the address of the web file is retrieved. It turns out in the F drive, so I am going to the F disc, I find that file, click the file manager's Edit function to edit his homepage file. . but. . This permission is not, I thought it was already enough, I was preparing to play games. At this time, I selected this feature. . . The strange thing is to change the name. I temporarily change its homepage to other names (users who log in this time ... I can't help), then call the upload function of the file manager, OMG, I can upload it. () I passed the DEFAULT.ASP of this machine. At this time, it is not difficult to see that this administrator gives us the most ordinary user settings that have serious problems. . At this point, open the home page, the page has become the file I passed. . . After all, I just did an experiment, there is no malicious, so I later removed the uploaded file, change the name of its original file, this trial is a paragraph

转载请注明原文地址:https://www.9cbs.com/read-120688.html

New Post(0)