IIS 7.5 website application pool with full administrator permissions hackable?

Posted by Caroline Beltran on Server Fault See other posts from Server Fault or by Caroline Beltran
Published on 2014-06-10T02:35:58Z Indexed on 2014/06/10 3:27 UTC
Read the original article Hit count: 346

Filed under:

iis7.5

|

hacking

Although I would never do this, I would like to know how a static html website with the permission mentioned in the title could be compromised.

In my humble opinion, I would guess that this would pose no threat since a web visitor has no way to upload/edit/delete anything.

What if the site was a simple PHP website that simply displayed ‘hello world’? What if this PHP site had a contact us form that was properly sanitized?

Thank you

© Server Fault or respective owner

Related posts about iis7.5

Configuring IIS7 404 page when using IIS7 urlrewrite module

as seen on Pro Webmasters - Search for 'Pro Webmasters'
I've got custom errors to work for .aspx page like: www.domain.com/whateverdfdgdfg.aspx But, when no .aspx url is requested, (like http://www.domain.com/hfdkfdh4545) it results in an error: HTTP Error 404.0 - Not Found The resource you are looking for has been removed, had its name changed… >>> More
How to create a Subdomain in IIS7?

as seen on Server Fault - Search for 'Server Fault'
In IIS7 I have a site: http://www.mydomain.com/mysite How can I get the same site to appear as: http://mysite.mydomain.com ? I already have the DNS set up and can ping it, I just do not know how to configure it in IIS7. >>> More
How can I control which IP address IIS7 uses?

as seen on Server Fault - Search for 'Server Fault'
In Win2k3 I used httpcfg to tell IIS to listen to specific IP addresses on the server. I want to run Apache with VisualSVN Server on port 80 on another IP address but IIS7 binds to all ports by default. What utility for IIS7 controls the IIS7 bindings? Update: I found the answer. There is a utility… >>> More
WCF service hosted in IIS7 with administrator rights?

as seen on Server Fault - Search for 'Server Fault'
Hello, How do I grant administrator rights to a running WCF service hosted in IIS7? The problem is, my code works fine in a test console application runned as an administrator, but the same code used from WCF service in IIS7 fails. When I run the same console test application without admin rights… >>> More
authentication problem on windows vista (cookie is getting written but httpcontext.current.user is n

as seen on Stack Overflow - Search for 'Stack Overflow'
authentication problem on windows vista (iis7) (cookie is getting written but httpcontext.current.user is null) >>> More

Related posts about hacking

should i bother to block these- rather lame attempt at hacking my server

as seen on Server Fault - Search for 'Server Fault'
I'm running a LAMP stack, with no phpmyadmin (yes) installed. While poking through my apache server longs i noticed things like. 74.208.75.29 - - [16/Mar/2010:02:53:45 +0800] "POST http://74.208.75.29:6667/ HTTP/1.0" 404 481 "-" "-" 74.208.75.29 - - [16/Mar/2010:02:53:45 +0800] "CONNECT 74.208.75… >>> More
The newbie's guide to hacking the Linux kernel

as seen on Internet.com - Search for 'Internet.com'
<b>TuxRadar: </b>"We asked prolific kernel hacker (and Linux Format reader!) Greg Kroah-Hartman to tell us what it takes for newbies to patch the Linux kernel - here's what he had to say." >>> More
China Says Google Never Filed Complaint in Hacking Case

as seen on Internet.com - Search for 'Internet.com'
Confusion continues to muddle the Google/China saga, with Chinese officials saying they aren't -- and are -- in talks with Google about hacking and censorship allegations. >>> More
China Says Google Never Filed Complaint in Hacking Case

as seen on Internet.com - Search for 'Internet.com'
Confusion continues to muddle the Google/China saga, with Chinese officials saying they aren't -- and are -- in talks with Google about hacking and censorship allegations. >>> More
community of linux hackers

as seen on Super User - Search for 'Super User'
Do you know of any community of linux hackers. People who are into hacking from network to workstations. Linux hacking windows pc's and other platforms. Please do only tell sites wherein beginners could join. But if you know of any site that gives a jump start for beginners into hacking. Also tell. >>> More