iis security: IUSR_ and IWAM_ with admin privileges -- iis security

Re: IUSR_ and IWAM_ with admin privileges

Ken Schaefer
1/28/2007 7:32:29 PM

It means that if someone can get your web application to something
unintended (e.g. there is a bug in the application), then the attacker can
take control of your entire server.

Alternatively, if an attacker can get your IWAM or IUSR users to run some
code (e.g. by uploading a webpage, and then requesting it) then they have
full control over your server as well.

Cheers
Ken

[quoted text, click to view]

Re: IUSR_ and IWAM_ with admin privileges

Roger Abell [MVP]
1/28/2007 8:00:17 PM

[quoted text, click to view]

Absurd. The risks are total for that machine, or
worse if installed on a DC (ex. SBS server).

I hope they did not ask for money in exchange !!

Got something to say? Click here to post a reply to this thread.

Don't see what you're looking for? Try a search.

View other messages in the iis security group.