Jump to content

Archived

This topic is now archived and is closed to further replies.

webslave

Download php files

Recommended Posts

I need to know how to download php files in there raw state not the html converted state, my friend had a shopping cart that has just been built on his site and it has major issues that im sure of, just need to prove it to him, the builder of the site left all the admin files viewable with no index or 404 so its all out in the open can anyone help on how to find a way iin so i can prove its vulnerability

Share this post


Link to post
Share on other sites
I need to know how to download php files in there raw state not the html converted state, my friend had a shopping cart that has just been built on his site and it has major issues that im sure of, just need to prove it to him, the builder of the site left all the admin files viewable with no index or 404 so its all out in the open    can anyone help on how to find a way iin so i can prove its vulnerability

209680[/snapback]

 

 

sorry, mbut the onyl way u can is if u manage to get to an ftp, as soon as any program whatsoever even accesses it, its processed.

 

stleasst i think that i correct.

Share this post


Link to post
Share on other sites

Yes, thats true, even if your directory has no index file and the browser shows your list of php files, the best anyone could do is know the exact path to your files, hack in and steal them.

 

If anyone were to click on any of the files, or try to download them, only the output of the script gets shown, not the actual php source...

Share this post


Link to post
Share on other sites

Hi,

 

You can write a php script to gzip a php file on *nix and then serve the zip file off to you.

You will have to use the system() function to gzip the file and store it in temp etc.

 

Anything can be done. Just takes a little time.

Rgds,

Steve

Share this post


Link to post
Share on other sites

hi,

if you can upload a file to the server then try using the combination of readdir() function and show_source() function.

That can set up something of a file browser!!

 

Oh and by the way the example shown on the page pointed by the first link is very useful!!

 

I hope it helps.

Share this post


Link to post
Share on other sites
Hi,

 

You can write a php script to gzip a php file on *nix and then serve the zip file off to you.

You will have to use the system() function to gzip the file and store it in temp etc.

 

Anything can be done. Just takes a little time.

Rgds,

Steve

234633[/snapback]

 

 

WTF? how do i steal someone's file by zipping it? how the hell do I zip someone's file?

Share this post


Link to post
Share on other sites

Mod Edit: Closed -- Be considerate; use common sense. That means reading the descriptions of each forum before deciding to start a new thread in it. Moreover, when a thread is titled "READ THIS IF YOU ARE NEW," it's probably a prudent idea to do so. For reasons behind my closing of this topic, see posts here.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.