turbosport

[!--quoteo(post=308213:date=Oct 19 2005, 01:48 PM:name=permutations)--][div class=\'quotetop\']QUOTE(permutations @ Oct 19 2005, 01:48 PM) 308213[/snapback][/div][div class=\'quotemain\'][!--quotec--] Did you find the solution to this? It's driving me crazy, too. Make sure the IUSR_machinename account has read and execute rights to the folders and files

[!--quoteo(post=313419:date=Nov 1 2005, 07:04 AM:name=gambaroni)--][div class=\'quotetop\']QUOTE(gambaroni @ Nov 1 2005, 07:04 AM) 313419[/snapback][/div][div class=\'quotemain\'][!--quotec--] Hi! It started with that IIS hadn't permissions to cmd.exe so i copied cmd.exe to the PHP folder and then i get following error when i try to execute a bat file with exec(): "CGI Error The specified CGI application misbehaved by not returning a complete set of HTTP headers." The file exists, but what can be wrong? I am using IIS on w2k3, PHP and MSSQL. Ask if there is something that you don't understand. //Martin How are you calling it with shell_exec ? if so perms ?

[!--quoteo(post=316412:date=Nov 8 2005, 10:00 PM:name=Lienne)--][div class=\'quotetop\']QUOTE(Lienne @ Nov 8 2005, 10:00 PM) 316412[/snapback][/div][div class=\'quotemain\'][!--quotec--] If I access the scripts through localhost everything works fine, but if I try to run them through the IP (even on the machine the server is installed on) I get it asking me for a username/password/domain and if I click cancel, it tells me I don't have proper priveledges to access that file. It seems to be only happening for php scripts, too. I first tried installing PHP manually, and that worked ok. I then switched to the installer (cgi). Any assistance would be ENORMOUSLY appreciated! IIS Anonymouse IUSR_machinename user hasnt got read ad execute rights to the php files.

Sounds like the IIS anonymouse user ISUR_servername dosnt have write perms to the upload folders and / or read and execute on the php_gd2.dll

You didnt say if the script was working but displaying errors ? If it works turn off WARNINGS Ig it dosnt some thoughts: is your allow_url_fopen set to true ? [a href=\"http://vlsi-test.ece.nus.edu.sg\/uploadfiles/CMOS_C35_noise_para_ENG-189_rev1.pdf\" target=\"_blank\"]http://vlsi-test.ece.nus.edu.sg\/uplo...NG-189_rev1.pdf[/a] theres a \/ after the domain part not sure how the call will treat this.

[!--quoteo(post=331040:date=Dec 28 2005, 11:41 PM:name=Blackrazor)--][div class=\'quotetop\']QUOTE(Blackrazor @ Dec 28 2005, 11:41 PM) 331040[/snapback][/div][div class=\'quotemain\'][!--quotec--] I need help on setting this webserver up. I have done everything i possibly can to get this to work. When i go to the website it says No input file specified. I have been at this for 2 days straight. Somone please help. I am trying to setup PHP. Unset doc_root if it is already set (comment the line out in php.ini) Set the cgi.force_redirect PHP directive to 0 Have you allowed the Web Service Extension ? Make sure the ISS anonymouse user has rights to all the php files including the php.ini file. Add the php directory to your PATH environment variable When defining the executable, the 'check that file exists' box (wont cure your issue but worth it anyway) Did you use the installer ? if not delete all the files and the php.ini and run the installer, you may get a wscript error just say yes then rerun the installation so the error dosnt happen and restart the server. Set the cgi.force_redirect PHP directive to 0

[!--quoteo(post=335211:date=Jan 10 2006, 05:30 PM:name=markus79)--][div class=\'quotetop\']QUOTE(markus79 @ Jan 10 2006, 05:30 PM) 335211[/snapback][/div][div class=\'quotemain\'][!--quotec--] Hi freaks, I'm trying to launch a program (Windows Media ASF View) by using shell_exec or exec on Windows 2000. I need the program's GUI to come up. If I execute the php script through command prompt it does; but not when a browser calls it. Does anyone know a way around this, or if I should be using something else? Thanks markus To display media in a web page the client side player needs to be called, have a look here: [a href=\"http://ar.utmb.edu/areas/classes/htgwebembedcontrolschild.asp\" target=\"_blank\"]http://ar.utmb.edu/areas/classes/htgwebemb...ntrolschild.asp[/a]

Sounds like you need some error trapping, echo some of the passed variables out to the screen or add them to the redirect url for instance my initial thought to your problem is that the sql lookup isnt working on your server so if you were to add ?formuser="andy"&sqluser="" by appending the variables to the form action or the resulting redirect string you could tell if one wasnt present. Also think about building the code into 1 file by using functions, test the input string to see if it has any variables attached if it dosnt call the form function but if it does use the username lookup function and so on. Also dont forget to rename your html files to php files and add a security header to them. Some other thoughts while writing this, ou may be requiring globals look here: [a href=\"http://uk2.php.net/register_globals\" target=\"_blank\"]http://uk2.php.net/register_globals[/a] Also how are you doing the check to see where the request is comming from as Windows has some issues with the common variables i.e. $_SERVER['SCRIPT_NAME'] does not seem to work and you need to replace it with $_SERVER['SCRIPT_FILENAME'] Some of the file paths like PHP_SELF have the / swapped for windows \ (XPSP2 so I am told) once again echo them out and check them. Here are some good examples: [a href=\"http://uk.php.net/manual/en/language.variables.external.php\" target=\"_blank\"]http://uk.php.net/manual/en/language.variables.external.php[/a] Hope this is of some help and good luck. Clint Gaskin

[!--quoteo(post=328795:date=Dec 19 2005, 08:12 PM:name=Mark Lordi)--][div class=\'quotetop\']QUOTE(Mark Lordi @ Dec 19 2005, 08:12 PM) 328795[/snapback][/div][div class=\'quotemain\'][!--quotec--] Does anyone know of a way to block a user from scanning for this file exploit. I do not have the file xmlrpc.php installed anywhere on my web server, but for some reason somebody keeps running a scan for it. Whenever the scan is invoked it seems to crash our www publishing service in iis 5. Does anyone know where I can check or how to block this kind of attack? I would redirect him somewhere Make a php file called xmlrpc.php <?php header("Location: [a href=\"http://www.nastysite.com/");\" target=\"_blank\"]http://www.nastysite.com/");[/a] ?> If you want to get clever you could filter the file in the iislockdown tool: [a href=\"http://www.microsoft.com/technet/security/tools/locktool.mspx\" target=\"_blank\"]http://www.microsoft.com/technet/security/...s/locktool.mspx[/a] You may want to install the urlscan package which has the iislockdowntool included: [a href=\"http://www.microsoft.com/technet/security/tools/urlscan.mspx?#g\" target=\"_blank\"]http://www.microsoft.com/technet/security/...urlscan.mspx?#g[/a] You will need to add xmlrpc.php to the [DenyUrlSequences] section in the urlscan.ini file which will be in the \System32\Inetsrv\URLscan folder you can also specify where you send him by including a RejectResponseUrl in the ini file HTH Clint Gaskin