Solved

PHP & Windows Server 2003 - exec() requires that I give INTERNET_GUEST_ACCT Read/Execute permissions on CMD.exe - I'm concerned.

Posted on 2008-10-23
3
223 Views
Last Modified: 2008-10-25
I need to execute a single EXE file with my PHP code. The only way that I seem to be able to get it to run us by:

1) Using this code:

$return = array();
exec("WindowsApplication1.exe", $return);
echo 'Hello.';

2) Giving the internet guest account read/execute permissions on windows/system32/cmd.exe


This makes me think that if an attacker gained write access to any of my many php folders - that they could then insert scripts to use the command prompt as if they owned it.

Am I right to be concerned?

Do you know any way around this? I just need the php to use the single exe.

Thanks
0
Comment
Question by:hamlin11
  • 2
3 Comments
 
LVL 3

Accepted Solution

by:
Scripting_Guy earned 500 total points
ID: 22791373
I assume that you execute your php-script through a IIS or other webserver.

IF you're the only one being able to load scripts on this iis, then i think the security risk is negligible. if an attacker gains control over your iis server, he can anyways do a lot more than execute cmd.exe.

If other users (users you do not trust) can load their php scripts on that server too, then its a serious security risk, as they might start playing around with cmd.exe. However, note that they can start cmd.exe only as internet guest user, so even then they might not be able to do too much damage. still, I would not risk that. In this case, you'd have to run your website as a different user than the other websites.

As with any webserver who is accessable from the internet or other untrusted users, i recommend to put it in a DMZ. This way even a successful attack will not be able to do much (or any) damage to your lan or other internal systems, especially because a webserver typically needs no access towards your lan. If your DMZ is set up corretcly, the attacker will basically be trapped in the box he just got access to. Also make sure that the IIS service is the only service you're running on this particular box, so that in case of a successful attack, your system will be impaired as little as possible.

I hope this helps you.
0
 

Author Comment

by:hamlin11
ID: 22792170
"I assume that you execute your php-script through a IIS or other webserver."

Correct - and the rest of your comments were great. Thank you very much.



0
 
LVL 3

Expert Comment

by:Scripting_Guy
ID: 22802328
points? :)
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Learn about cloud computing and its benefits for small business owners.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now