[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 239
  • Last Modified:

PHP & Windows Server 2003 - exec() requires that I give INTERNET_GUEST_ACCT Read/Execute permissions on CMD.exe - I'm concerned.

I need to execute a single EXE file with my PHP code. The only way that I seem to be able to get it to run us by:

1) Using this code:

$return = array();
exec("WindowsApplication1.exe", $return);
echo 'Hello.';

2) Giving the internet guest account read/execute permissions on windows/system32/cmd.exe


This makes me think that if an attacker gained write access to any of my many php folders - that they could then insert scripts to use the command prompt as if they owned it.

Am I right to be concerned?

Do you know any way around this? I just need the php to use the single exe.

Thanks
0
hamlin11
Asked:
hamlin11
  • 2
1 Solution
 
Scripting_GuyCommented:
I assume that you execute your php-script through a IIS or other webserver.

IF you're the only one being able to load scripts on this iis, then i think the security risk is negligible. if an attacker gains control over your iis server, he can anyways do a lot more than execute cmd.exe.

If other users (users you do not trust) can load their php scripts on that server too, then its a serious security risk, as they might start playing around with cmd.exe. However, note that they can start cmd.exe only as internet guest user, so even then they might not be able to do too much damage. still, I would not risk that. In this case, you'd have to run your website as a different user than the other websites.

As with any webserver who is accessable from the internet or other untrusted users, i recommend to put it in a DMZ. This way even a successful attack will not be able to do much (or any) damage to your lan or other internal systems, especially because a webserver typically needs no access towards your lan. If your DMZ is set up corretcly, the attacker will basically be trapped in the box he just got access to. Also make sure that the IIS service is the only service you're running on this particular box, so that in case of a successful attack, your system will be impaired as little as possible.

I hope this helps you.
0
 
hamlin11Author Commented:
"I assume that you execute your php-script through a IIS or other webserver."

Correct - and the rest of your comments were great. Thank you very much.



0
 
Scripting_GuyCommented:
points? :)
0

Featured Post

[Webinar] Kill tickets & tabs using PowerShell

Are you tired of cycling through the same browser tabs everyday to close the same repetitive tickets? In this webinar JumpCloud will show how you can leverage RESTful APIs to build your own PowerShell modules to kill tickets & tabs using the PowerShell command Invoke-RestMethod.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now