Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

PHP & Windows Server 2003 - exec() requires that I give INTERNET_GUEST_ACCT Read/Execute permissions on CMD.exe - I'm concerned.

Posted on 2008-10-23
3
225 Views
Last Modified: 2008-10-25
I need to execute a single EXE file with my PHP code. The only way that I seem to be able to get it to run us by:

1) Using this code:

$return = array();
exec("WindowsApplication1.exe", $return);
echo 'Hello.';

2) Giving the internet guest account read/execute permissions on windows/system32/cmd.exe


This makes me think that if an attacker gained write access to any of my many php folders - that they could then insert scripts to use the command prompt as if they owned it.

Am I right to be concerned?

Do you know any way around this? I just need the php to use the single exe.

Thanks
0
Comment
Question by:hamlin11
  • 2
3 Comments
 
LVL 3

Accepted Solution

by:
Scripting_Guy earned 500 total points
ID: 22791373
I assume that you execute your php-script through a IIS or other webserver.

IF you're the only one being able to load scripts on this iis, then i think the security risk is negligible. if an attacker gains control over your iis server, he can anyways do a lot more than execute cmd.exe.

If other users (users you do not trust) can load their php scripts on that server too, then its a serious security risk, as they might start playing around with cmd.exe. However, note that they can start cmd.exe only as internet guest user, so even then they might not be able to do too much damage. still, I would not risk that. In this case, you'd have to run your website as a different user than the other websites.

As with any webserver who is accessable from the internet or other untrusted users, i recommend to put it in a DMZ. This way even a successful attack will not be able to do much (or any) damage to your lan or other internal systems, especially because a webserver typically needs no access towards your lan. If your DMZ is set up corretcly, the attacker will basically be trapped in the box he just got access to. Also make sure that the IIS service is the only service you're running on this particular box, so that in case of a successful attack, your system will be impaired as little as possible.

I hope this helps you.
0
 

Author Comment

by:hamlin11
ID: 22792170
"I assume that you execute your php-script through a IIS or other webserver."

Correct - and the rest of your comments were great. Thank you very much.



0
 
LVL 3

Expert Comment

by:Scripting_Guy
ID: 22802328
points? :)
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn about cloud computing and its benefits for small business owners.
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question