Solved

Running COM WScript.Shell on PHP IIS6 Windows Server 2003

Posted on 2011-03-17
Last Modified: 2012-05-11
I am trying to run the following PHP code on a Windows Server 2003 with IIS6 running PHP as ISAPI to convert PDFs to SWFs.

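<?php
flush();

echo "This is a test<br><br>";
// Backslashes are doubled throughout so that PHP never reads a sequence
// such as \1 as an escape inside the double-quoted strings.
$software_path = "C:\\SWFTools\\pdf2swf.exe";
$pdf_path = "D:\\Book\\DMC\\php\\Test\\PDF\\1.pdf";

$argument = "-o";
$swf_output = "D:\\Book\\DMC\\php\\Test\\SWF\\1.swf";

// Full command line: converter, input PDF, -o, output SWF.
$cmd = " $software_path $pdf_path $argument $swf_output";
echo $cmd;
$WshShell = new COM("WScript.Shell") or die("Could not start WScript");

// Run hidden (window style 0) and do not wait for completion (false).
// This is the line that triggers the 500 error.
$oExec = $WshShell->Run("cmd /C $cmd ", 0, false);
?>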


I receive a 500 error when running the code. When I comment out
//$oExec = $WshShell->Run("cmd /C $cmd ", 0, false);

the code will run without the error, but of course the command is not executed.

$cmd echoes to:

C:\SWFTools\pdf2swf.exe D:\Book\DMC\php\Test\PDF\1.pdf -o D:\Book\DMC\php\Test\SWF\1.swf

which does work perfectly in the command prompt.

I have tried other sample code as well that tries to run from the cmd prompt, and I get a 500 error. I have never needed to interface with the cmd prompt with PHP before, so I am not familiar with the requirements.

I did try to give IUSR read / write permissions on the server, but this did not solve the issue.

Thanks for the help.
0
Question by:dmccull2000
8 Comments
 
LVL 17

Expert Comment

by:Shinesh Premrajan
ID: 35164397
Did you try executing the command using the system or exec command?


0
 

Author Comment

by:dmccull2000
ID: 35168776
I tried both with no luck, same 500 error. I also tried passthru. Passthru does not receive a 500 error, but the command is also not executed.
0
 
LVL 15

Expert Comment

by:pcsmitpra
ID: 35230766
Check the user (Identity) for the application pool holding the website for PHP Website. Go to c:\WINDOWS\system32\cmd.exe and add that user here with 'Execute' permissions. Now try it with your page.
PS: - It is RISKY.
0
LVL 25

Accepted Solution

by:
Ron Malmstead earned 500 total points
ID: 35233058
Try adding the following to your web config

<identity impersonate="true" userName="Administrator" password="yourpass"/>


This will make IIS impersonate administrator when launching processes.  It would be preferable to use a service account with admin privileges though.
0
 

Author Comment

by:dmccull2000
ID: 35233503
Thank you, both solutions worked on the test environment. I can see how this can be very risky to the security of the server. Now to find a way to do this more securely. Any suggestions would be greatly appreciated.
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 35233635
Well your web.config file should not be accessible from IIS.  Access to it is forbidden by default.

One risk is if you create a web process that can be exploited, as it is running under an administrative account.

Another is if you have multiple people with access to log on to the server itself, who can view this file and get the credentials right out of it.

0
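Added example, not part of the thread and not any poster's code: the risk named above is an exploitable web process running under a privileged account. One way to narrow that exposure is to launch the converter directly, without cmd.exe, and accept nothing but a validated file name. It assumes the application pool runs as a low-privilege account with Execute on pdf2swf.exe and write access to the SWF folder (an assumption, not something the thread tested); the function names and convert.log are hypothetical.

```php
<?php
// Added example, not code from the thread. Paths and -o come from the question;
// the function names and convert.log are hypothetical.
define('PDF2SWF', 'C:\SWFTools\pdf2swf.exe');
define('PDF_DIR', 'D:\Book\DMC\php\Test\PDF');
define('SWF_DIR', 'D:\Book\DMC\php\Test\SWF');

// Return the command line for one PDF, or false unless the name is a plain
// "<name>.pdf" that resolves to a file inside PDF_DIR.
function build_pdf2swf_command($pdfName)
{
    // Allow-list: no separators, "..", spaces, quotes or shell metacharacters.
    if (!is_string($pdfName) || !preg_match('/^[A-Za-z0-9_-]{1,64}\.pdf$/D', $pdfName)) {
        return false;
    }
    $base = realpath(PDF_DIR);
    $pdf  = realpath(PDF_DIR . DIRECTORY_SEPARATOR . $pdfName);
    // realpath() is false for a missing file; the prefix test rejects links
    // that resolve outside the PDF folder.
    if ($base === false || $pdf === false
        || strncasecmp($pdf, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return false;
    }
    $swf = SWF_DIR . DIRECTORY_SEPARATOR . basename($pdfName, '.pdf') . '.swf';
    return escapeshellarg(PDF2SWF) . ' ' . escapeshellarg($pdf)
         . ' -o ' . escapeshellarg($swf);
}

// Start pdf2swf.exe itself (no "cmd /C"); return its exit code, or false.
function convert_pdf($pdfName)
{
    $cmd = build_pdf2swf_command($pdfName);
    if ($cmd === false) {
        return false;
    }
    $log  = SWF_DIR . DIRECTORY_SEPARATOR . 'convert.log';
    $spec = array(1 => array('file', $log, 'a'), 2 => array('file', $log, 'a'));
    // bypass_shell (Windows only) stops proc_open from wrapping the command in cmd.exe.
    $proc = proc_open($cmd, $spec, $pipes, null, null, array('bypass_shell' => true));
    return is_resource($proc) ? proc_close($proc) : false;
}

// Constructed inputs: the file from the question, then a name the allow-list refuses.
var_dump(convert_pdf('1.pdf'));
var_dump(convert_pdf('1.pdf & dir'));
```

Because the command never passes through cmd.exe, the account needs no Execute right on c:\WINDOWS\system32\cmd.exe, and no Administrator credentials have to sit in web.config.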
