Solved

PHP & Windows Server 2003 - exec() requires that I give INTERNET_GUEST_ACCT Read/Execute permissions on CMD.exe - I'm concerned.

Posted on 2008-10-23
3
231 Views
Last Modified: 2008-10-25
I need to execute a single EXE file with my PHP code. The only way that I seem to be able to get it to run us by:

1) Using this code:

$return = array();
exec("WindowsApplication1.exe", $return);
echo 'Hello.';

2) Giving the internet guest account read/execute permissions on windows/system32/cmd.exe


This makes me think that if an attacker gained write access to any of my many php folders - that they could then insert scripts to use the command prompt as if they owned it.

Am I right to be concerned?

Do you know any way around this? I just need the php to use the single exe.

Thanks
0
Comment
Question by:hamlin11
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 3

Accepted Solution

by:
Scripting_Guy earned 500 total points
ID: 22791373
I assume that you execute your php-script through a IIS or other webserver.

IF you're the only one being able to load scripts on this iis, then i think the security risk is negligible. if an attacker gains control over your iis server, he can anyways do a lot more than execute cmd.exe.

If other users (users you do not trust) can load their php scripts on that server too, then its a serious security risk, as they might start playing around with cmd.exe. However, note that they can start cmd.exe only as internet guest user, so even then they might not be able to do too much damage. still, I would not risk that. In this case, you'd have to run your website as a different user than the other websites.

As with any webserver who is accessable from the internet or other untrusted users, i recommend to put it in a DMZ. This way even a successful attack will not be able to do much (or any) damage to your lan or other internal systems, especially because a webserver typically needs no access towards your lan. If your DMZ is set up corretcly, the attacker will basically be trapped in the box he just got access to. Also make sure that the IIS service is the only service you're running on this particular box, so that in case of a successful attack, your system will be impaired as little as possible.

I hope this helps you.
0
 

Author Comment

by:hamlin11
ID: 22792170
"I assume that you execute your php-script through a IIS or other webserver."

Correct - and the rest of your comments were great. Thank you very much.



0
 
LVL 3

Expert Comment

by:Scripting_Guy
ID: 22802328
points? :)
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn about cloud computing and its benefits for small business owners.
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question