Hi, everyone
Recently found one of our web servers had ASP.NET trust level set to FULL (seems it's a default). That makes it vulnerable to ASP.NET shell scripts that use cmd.exe and can list all files on the web server.
I set the default for trust level to be medium in the global ASP.NET web.config file, but some sites or apps require trust level=high, so some hacker could, if he obtained access to web.config, change the trust level...
Is there anything else I can do besides audit changed web.config files?
Thanks.
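The web.config audit mentioned in the post can be automated. The sketch below is an added example, not code from the original poster: it walks a site root and reports every `<trust level="...">` that exceeds an allowed maximum. The function names and the sample directory tree are constructed for illustration.

```python
import os, tempfile
import xml.etree.ElementTree as ET

# ASP.NET trust levels, least to most privileged.
RANK = {"minimal": 0, "low": 1, "medium": 2, "high": 3, "full": 4}

def local(tag):
    return tag.rsplit("}", 1)[-1]          # drop any XML namespace prefix

def audit_trust_levels(root_dir, max_level="Medium"):
    """Return sorted (path, level, status) for each <trust> under root_dir.
    status: 'ok', 'exceeds', 'unknown' (custom level) or 'unparseable'.
    Files without <trust> inherit from the parent config and are skipped."""
    limit, findings = RANK[max_level.lower()], []
    for dirpath, _dirs, files in os.walk(root_dir):
        for name in files:
            if name.lower() != "web.config":
                continue
            path = os.path.join(dirpath, name)
            try:
                tree = ET.parse(path)
            except ET.ParseError:
                findings.append((path, "", "unparseable"))
                continue
            # <system.web> may be top-level or nested inside <location>.
            for sysweb in (e for e in tree.iter() if local(e.tag) == "system.web"):
                for trust in (c for c in sysweb if local(c.tag) == "trust"):
                    level = trust.get("level", "")
                    rank = RANK.get(level.lower())
                    status = ("unknown" if rank is None
                              else "exceeds" if rank > limit else "ok")
                    findings.append((path, level, status))
    return sorted(findings)

def demo():
    """Constructed sample: siteA at Medium, siteB overriding to Full."""
    with tempfile.TemporaryDirectory() as d:
        for site, level in (("siteA", "Medium"), ("siteB", "Full")):
            os.makedirs(os.path.join(d, site))
            with open(os.path.join(d, site, "web.config"), "w") as f:
                f.write('<configuration><system.web><trust level="%s"/>'
                        '</system.web></configuration>' % level)
        return [(os.path.relpath(p, d).replace(os.sep, "/"), lvl, s)
                for p, lvl, s in audit_trust_levels(d)]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Sites that legitimately need High can be audited with `max_level="High"`, so that only unexpected overrides show up as `exceeds`.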
ASP Trust level, web.config