?
Solved

PHP & Windows Server 2003 - exec() requires that I give INTERNET_GUEST_ACCT Read/Execute permissions on CMD.exe - I'm concerned.

Posted on 2008-10-23
3
Medium Priority
?
234 Views
Last Modified: 2008-10-25
I need to execute a single EXE file with my PHP code. The only way that I seem to be able to get it to run us by:

1) Using this code:

$return = array();
exec("WindowsApplication1.exe", $return);
echo 'Hello.';

2) Giving the internet guest account read/execute permissions on windows/system32/cmd.exe


This makes me think that if an attacker gained write access to any of my many php folders - that they could then insert scripts to use the command prompt as if they owned it.

Am I right to be concerned?

Do you know any way around this? I just need the php to use the single exe.

Thanks
0
Comment
Question by:hamlin11
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 3

Accepted Solution

by:
Scripting_Guy earned 2000 total points
ID: 22791373
I assume that you execute your php-script through a IIS or other webserver.

IF you're the only one being able to load scripts on this iis, then i think the security risk is negligible. if an attacker gains control over your iis server, he can anyways do a lot more than execute cmd.exe.

If other users (users you do not trust) can load their php scripts on that server too, then its a serious security risk, as they might start playing around with cmd.exe. However, note that they can start cmd.exe only as internet guest user, so even then they might not be able to do too much damage. still, I would not risk that. In this case, you'd have to run your website as a different user than the other websites.

As with any webserver who is accessable from the internet or other untrusted users, i recommend to put it in a DMZ. This way even a successful attack will not be able to do much (or any) damage to your lan or other internal systems, especially because a webserver typically needs no access towards your lan. If your DMZ is set up corretcly, the attacker will basically be trapped in the box he just got access to. Also make sure that the IIS service is the only service you're running on this particular box, so that in case of a successful attack, your system will be impaired as little as possible.

I hope this helps you.
0
 

Author Comment

by:hamlin11
ID: 22792170
"I assume that you execute your php-script through a IIS or other webserver."

Correct - and the rest of your comments were great. Thank you very much.



0
 
LVL 3

Expert Comment

by:Scripting_Guy
ID: 22802328
points? :)
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This article discusses how to implement server side field validation and display customized error messages to the client.
The viewer will learn how to count occurrences of each item in an array.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question