I need to execute a single EXE file with my PHP code. The only way that I seem to be able to get it to run us by:
1) Using this code:
$return = array();
2) Giving the internet guest account read/execute permissions on windows/system32/cmd.exe
This makes me think that if an attacker gained write access to any of my many php folders - that they could then insert scripts to use the command prompt as if they owned it.
Am I right to be concerned?
Do you know any way around this? I just need the php to use the single exe.