Dear IIS Users:
Considering that I have an application accessible by anyone on the internet
and the application's directory has the same permissions mentioned in the
title of this message, would someone be able to upload a malicious file and
harm my computer even though there is no ftp service enabled to upload to
this folder?
I assume that the only avenue for attack in this scenario would be by using
buffer overlow techniques on my exe. True?
What if I were to create a max size buffer for both get and post operations
and I strip everything keeping only alpha-numeric and special url characters?
Would I still be vulnerable?
Please advise.
Jeff
