executing an exe from an asp page
#1
Scooby Regular
Thread Starter
Join Date: Jul 2000
Location: Islington
Posts: 2,145
Likes: 0
Received 0 Likes
on
0 Posts
I actually found a freeware product called DynuExec, which does the job wonderfully.
Thanks for the replies. I did know about the #exec and was a little worried about the security holes, but not being a guru wondered what other solutions people would come up with!
cheers
Fosters
Thanks for the replies. I did know about the #exec and was a little worried about the security holes, but not being a guru wondered what other solutions people would come up with!
cheers
Fosters
#2
Scooby Regular
Thread Starter
Join Date: Jul 2000
Location: Islington
Posts: 2,145
Likes: 0
Received 0 Likes
on
0 Posts
Strange that you get more technical response from here than other technical BBSs!!
Anyone got a fool proof method of executing an exe from an asp page (VBscript), including whatever server changes might be necessary? I also need to pass a command string too, eg test.exe 111111.
help very much appreciated!
Fosters
Anyone got a fool proof method of executing an exe from an asp page (VBscript), including whatever server changes might be necessary? I also need to pass a command string too, eg test.exe 111111.
help very much appreciated!
Fosters
#3
You would use the #exec directive to do this, but IIS has the facility disabled as standard (http://www.microsoft.com/technet/security/iischk.asp) so it most likely will not be available on your site...
If you have control over the server, and are happy to add this massive security hole, add the following key to your server's registry
Location CurrentControlSetServicesW3SVCParameters
Key nameSSIEnableCmdDirective
Value 1
Type REG_DWORD
I think that you can do it from PERL using the system() command if you need the return code, or the backticks method ($a = `command.exe` will give you the output to a variable. This may not be possible due to security constraints, too.
Most ISPs support both ASP and PERL.
If you can code it as an ActiveX object and are able to register objects on the server, that may be a more secure way to do this, as if your HTML page was compromised you wouldn't be allowing people to execute their own malicious code...
[This message has been edited by chiark (edited 19 February 2001).]
If you have control over the server, and are happy to add this massive security hole, add the following key to your server's registry
Location CurrentControlSetServicesW3SVCParameters
Key nameSSIEnableCmdDirective
Value 1
Type REG_DWORD
I think that you can do it from PERL using the system() command if you need the return code, or the backticks method ($a = `command.exe` will give you the output to a variable. This may not be possible due to security constraints, too.
Most ISPs support both ASP and PERL.
If you can code it as an ActiveX object and are able to register objects on the server, that may be a more secure way to do this, as if your HTML page was compromised you wouldn't be allowing people to execute their own malicious code...
[This message has been edited by chiark (edited 19 February 2001).]
#4
Just to be perfectly clear: you can configure your server to allow this, but it's a Bad Idea.
Better idea would be to compile your code as an activeX object, register it on the server then use server.createobject() and a method call on it to invoke the necessary code.
If you already have the executable and cannot change it, code an ActiveX wrapper for it.
Drop me a mail if you want more help.
Better idea would be to compile your code as an activeX object, register it on the server then use server.createobject() and a method call on it to invoke the necessary code.
If you already have the executable and cannot change it, code an ActiveX wrapper for it.
Drop me a mail if you want more help.
Thread
Thread Starter
Forum
Replies
Last Post