For aspx Trojan can read iis site information cross site directory temporary solution
- 2020-05-06 12:01:08
- OfStack
1, aspx Trojan file can be in the asp.net space to read the process, iis information, cross-site, cmd command execution.
Solution
1. Set up one user for each website, put the user into guest group, and give the site the right to write and read. It also allows anonymous access on iis.
2,
Copy the above code to
in C:\WINDOWS\ Microsoft.NET \Framework\ v2.0.50727 \CONFIG web.config To disable cross-site, iis information, cmd command execution.
3. Es32en.net1.1 search < in machine.config identity impersonate=false change false to true
Code role: impersonates an anonymous account to run a web application.
This method can prohibit cross-directory, reading iis site information, prohibit the execution of cmd.
Solution
1. Set up one user for each website, put the user into guest group, and give the site the right to write and read. It also allows anonymous access on iis.
2,
<system.web>
<identity impersonate="true" />
</system.web>
Copy the above code to
in C:\WINDOWS\ Microsoft.NET \Framework\ v2.0.50727 \CONFIG web.config To disable cross-site, iis information, cmd command execution.
</location>
<system.web>
<identity impersonate="true" />
</system.web>
<system.net>
3. Es32en.net1.1 search < in machine.config identity impersonate=false change false to true
Code role: impersonates an anonymous account to run a web application.
This method can prohibit cross-directory, reading iis site information, prohibit the execution of cmd.