coelner/hacktricks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #156 from A1vinSmith/master

Browse Source 
Fix web.config example link
This commit is contained in:
Carlos Polop 2021-08-12 12:02:00 +02:00 committed by GitHub
commit 88c4834851
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pentesting/pentesting-web/iis-internet-information-services.md
View File

@ -31,7 +31,7 @@ X-FEServer: NHEXCHANGE2016
## Execute .config files
You can upload .config files and use them to execute code. One way to do it is appending the code at the end of the file inside an HTML comment: [Download example here](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Upload%20insecure%20files/Configuration%20IIS%20web.config/web.config)
You can upload .config files and use them to execute code. One way to do it is appending the code at the end of the file inside an HTML comment: [Download example here](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Upload%20Insecure%20Files/Configuration%20IIS%20web.config/web.config)
More information and techniques to exploit this vulnerability [here](https://soroush.secproject.com/blog/2014/07/upload-a-web-config-file-for-fun-profit/)