<div>
&quot;I assume that you execute your php-script through a IIS or other webserver.&quot;<br />
<br />
Correct - and the rest of your comments were great. Thank you very much.<br />
<br />
<br />
<br />

</div>


"I assume that you execute your php-script through a IIS or other webserver."

Correct - and the rest of your comments were great. Thank you very much.





<div>
<div class="content wysiwyg-content">
I need to execute a single EXE file with my PHP code. The only way that I seem to be able to get it to run us by:<br />
<br />
1) Using this code: <br />
<br />
$return = array();<br />
exec(&quot;WindowsApplication1.<wbr />exe&quot;, $return);<br />
echo 'Hello.';<br />
<br />
2) Giving the internet guest account read/execute permissions on windows/system32/cmd.exe<br />
<br />
<br />
This makes me think that if an attacker gained write access to any of my many php folders - that they could then insert scripts to use the command prompt as if they owned it.<br />
<br />
Am I right to be concerned?<br />
<br />
Do you know any way around this? I just need the php to use the single exe.<br />
<br />
Thanks
</div>
</div>


I need to execute a single EXE file with my PHP code. The only way that I seem to be able to get it to run us by:

1) Using this code: 

$return = array();
exec("WindowsApplication1.exe", $return);
echo 'Hello.';

2) Giving the internet guest account read/execute permissions on windows/system32/cmd.exe


This makes me think that if an attacker gained write access to any of my many php folders - that they could then insert scripts to use the command prompt as if they owned it.

Am I right to be concerned?

Do you know any way around this? I just need the php to use the single exe.

Thanks

PHP &amp; Windows Server 2003 - exec() requires that I give INTERNET_GUEST_ACCT Read/Execute permissions on CMD.exe - I'm concerned.

PHP is a widely-used server-side scripting language especially suited for web development, powering tens of millions of sites from Facebook to personal WordPress blogs. PHP is often paired with the MySQL relational database, but includes support for most other mainstream databases. By utilizing different Server APIs, PHP can work on many different web servers as a server-side scripting language.

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).

Windows Server 2003

IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.

PHP &amp; Windows Server 2003 - exec() requires that I give INTERNET_GUEST_ACCT Read/Execute permissions on CMD.exe - I'm concerned.

PHP & Windows Server 2003 - exec() requires that I give INTERNET_GUEST_ACCT Read/Execute permissions on CMD.exe - I'm concerned.