hamlin11
asked on
PHP & Windows Server 2003 - exec() requires that I give INTERNET_GUEST_ACCT Read/Execute permissions on CMD.exe - I'm concerned.
I need to execute a single EXE file with my PHP code. The only way that I seem to be able to get it to run us by:
1) Using this code:
$return = array();
exec("WindowsApplication1. exe", $return);
echo 'Hello.';
2) Giving the internet guest account read/execute permissions on windows/system32/cmd.exe
This makes me think that if an attacker gained write access to any of my many php folders - that they could then insert scripts to use the command prompt as if they owned it.
Am I right to be concerned?
Do you know any way around this? I just need the php to use the single exe.
Thanks
1) Using this code:
$return = array();
exec("WindowsApplication1.
echo 'Hello.';
2) Giving the internet guest account read/execute permissions on windows/system32/cmd.exe
This makes me think that if an attacker gained write access to any of my many php folders - that they could then insert scripts to use the command prompt as if they owned it.
Am I right to be concerned?
Do you know any way around this? I just need the php to use the single exe.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
points? :)
ASKER
Correct - and the rest of your comments were great. Thank you very much.