• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1666
  • Last Modified:

Running COM WScript.Shell on PHP IIS6 Windows Server 2003

I am trying to run the following PHP code on a Windows Server 2003 with II6 running php as isapi to convert pdfs to swfs.

<?php
flush();

echo "This is a test<br><Br>";
$software_path ="C:\\SWFTools\pdf2swf.exe" ;
$pdf_path ="D:\\Book\DMC\php\Test\PDF\\1.pdf" ;

$argument = "-o";
$swf_output ="D:\Book\DMC\php\Test\SWF\\1.swf" ;

$cmd =" $software_path $pdf_path $argument $swf_output";
echo $cmd;
$WshShell = new COM("WScript.Shell") or die("Could not start WScript");


$oExec = $WshShell->Run("cmd /C $cmd ", 0, false);
?>

Open in new window


I receive a 500 error when running the code. When I comment out
//$oExec = $WshShell->Run("cmd /C $cmd ", 0, false);

Open in new window

the code will run without the error, but of course the command is not exicuted.

$cmd echos to:

C:\SWFTools\pdf2swf.exe D:\Book\DMC\php\Test\PDF\1.pdf -o D:\Book\DMC\php\Test\SWF\1.swf

which does work perfecty in the command prompt.

I have tried other sample codes as well that try to run from the cmd promt, and get a 500 error. I have never needed to interface with the cmd propt with php before so I am not familiar with the requirements.

I did try to give IUSR read / write permissions on the server, but this did not solve the issue.

Thanks for the help.
0
dmccull2000
Asked:
dmccull2000
1 Solution
 
Shinesh PremrajanEngineering ManagerCommented:
Did you tried executing the command using system or exec command.


0
 
dmccull2000Author Commented:
I tried both with no luck same 500 error. I also tried passthru. Passthu does not receive a 500 error but it is also not exicuted.
0
 
pcsmitpraCommented:
Check the user (Identity) for the application pool holding the website for PHP Website. Go to c:\WINDOWS\system32\cmd.exe and add that user here with 'Execute' permissions. Try now it with your page.
PS: - It is RISKY.
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Ron MalmsteadInformation Services ManagerCommented:
Try adding the following to your web config

<identity impersonate="true" userName="Administrator" password="yourpass"/>


This will make IIS impersonate administrator when launching processes.  It would be preferrable to use a service account with admin privilages though.
0
 
dmccull2000Author Commented:
Thank you, both solutions worked on the test environment. I can see how this can be very risky to the security of the server. Now to find a way to do this more securely. Any suggestions would be greatly appreciated.
0
 
Ron MalmsteadInformation Services ManagerCommented:
Well your web.config file should not be accessible from IIS.  Access to it is forbidden by default.

One risk is if you create a web process that can be exploited, as it is running under an administrative account.

Another is if you have multiple people with access to logon to the server itself, who can view this file and get the credentials right out of it.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now