Jump to content


Photo

Download php files


  • This topic is locked This topic is locked
6 replies to this topic

#1 webslave

webslave
  • New Members
  • Pip
  • Newbie
  • 1 posts

Posted 02 March 2005 - 04:45 AM

I need to know how to download php files in there raw state not the html converted state, my friend had a shopping cart that has just been built on his site and it has major issues that im sure of, just need to prove it to him, the builder of the site left all the admin files viewable with no index or 404 so its all out in the open can anyone help on how to find a way iin so i can prove its vulnerability

#2 mbundy

mbundy
  • New Members
  • Pip
  • Newbie
  • 1 posts

Posted 03 March 2005 - 01:29 AM

I need to know how to download php files in there raw state not the html converted state, my friend had a shopping cart that has just been built on his site and it has major issues that im sure of, just need to prove it to him, the builder of the site left all the admin files viewable with no index or 404 so its all out in the open    can anyone help on how to find a way iin so i can prove its vulnerability

View Post



sorry, mbut the onyl way u can is if u manage to get to an ftp, as soon as any program whatsoever even accesses it, its processed.

stleasst i think that i correct.

#3 theverychap

theverychap
  • Staff Alumni
  • Advanced Member
  • 78 posts
  • LocationDevon, England

Posted 09 March 2005 - 11:00 AM

Yes, thats true, even if your directory has no index file and the browser shows your list of php files, the best anyone could do is know the exact path to your files, hack in and steal them.

If anyone were to click on any of the files, or try to download them, only the output of the script gets shown, not the actual php source...

#4 steviewdr

steviewdr
  • Moderators
  • Advanced Member
  • 1,364 posts
  • LocationIreland

Posted 16 May 2005 - 02:17 PM

Hi,

You can write a php script to gzip a php file on *nix and then serve the zip file off to you.
You will have to use the system() function to gzip the file and store it in temp etc.

Anything can be done. Just takes a little time.
Rgds,
Steve

#5 varungr

varungr
  • Members
  • Pip
  • Newbie
  • 3 posts
  • Locationgurgaon, india

Posted 16 May 2005 - 06:40 PM

hi,
if you can upload a file to the server then try using the combination of readdir() function and show_source() function.
That can set up something of a file browser!!

Oh and by the way the example shown on the page pointed by the first link is very useful!!

I hope it helps.

#6 Dead Midgets

Dead Midgets
  • Members
  • Pip
  • Newbie
  • 1 posts

Posted 07 July 2005 - 12:42 AM

Hi,

You can write a php script to gzip a php file on *nix and then serve the zip file off to you.
You will have to use the system() function to gzip the file and store it in temp etc.

Anything can be done. Just takes a little time.
Rgds,
Steve

View Post



WTF? how do i steal someone's file by zipping it? how the hell do I zip someone's file?

#7 Arenium

Arenium
  • Staff Alumni
  • Advanced Member
  • 111 posts
  • LocationMassachusetts

Posted 07 July 2005 - 02:05 AM

Mod Edit: Closed -- Be considerate; use common sense. That means reading the descriptions of each forum before deciding to start a new thread in it. Moreover, when a thread is titled "READ THIS IF YOU ARE NEW," it's probably a prudent idea to do so. For reasons behind my closing of this topic, see posts here.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users