garrywinkler Posted August 22, 2007 Share Posted August 22, 2007 Hi, My query is: Is it possible to capture the actual script of a PHP file from a publicly available web directory? I have tried to use script viewers, PHP debuggers and website copiers and always only manage to save the destination page that is scripted into the PHP file not the actual PHP script. It is in an open directory but i can only "save target as" which again only saves the destination website. To help explain what i mean here is the scenario: There is a Phishing site that has been posted illegally on a compromised site. The folders have not been locked and it is possible to view the directories containing the files used in the Phishing site - one of the files in the folder is the PHP file. The PHP file contains the destination of the stolen information so would obviously be very useful in stopping these fraudsters. How can i see the scrip for that file? Any help would be greatly appreciated. Regards Garry Quote Link to comment Share on other sites More sharing options...
vijayfreaks Posted August 22, 2007 Share Posted August 22, 2007 Hi.. yes its possible if u know its server location, and have right to read it.. then you can <?php $file="./file_path/file.php"; $name="file.php"; if(file_exists($file)) { header('Content-type: application/php'); header('Content-Disposition: attachment; filename="'.$name.'"'); readfile($file); } ?> Regards, Vijay Quote Link to comment Share on other sites More sharing options...
pranav_kavi Posted August 22, 2007 Share Posted August 22, 2007 u can also try using, <?php show_source(url); ?> Quote Link to comment Share on other sites More sharing options...
garrywinkler Posted August 22, 2007 Author Share Posted August 22, 2007 Thanks for you quick responces. Vijay - I am assuming the red in the code needs to be replaced with the information specific to the file but what data do i need to input in the following section? " header('Content-type: application/php'); header('Content-Disposition: attachment; filename="'.$name.'"'); " Thanks Quote Link to comment Share on other sites More sharing options...
vijayfreaks Posted August 22, 2007 Share Posted August 22, 2007 Hi.. yes,you can change accordingly your need.. Regards, Vijay Quote Link to comment Share on other sites More sharing options...
garrywinkler Posted August 22, 2007 Author Share Posted August 22, 2007 Vijay, Sorry for being ignorant about these things but i am still confused. <?php $file="./file_path/file.php"; //#### enter the url $name="file.php"; //#### enter the file name if(file_exists($file)) { header('Content-type: application/php'); //#### Can i leave this as is? header('Content-Disposition: attachment; filename="'.$name.'"'); //#### do i need to only enter the file name readfile($file); } Say for example the file i want to see the script for is processing.php at location http://blah.blah/ is the below script correct? <?php $file="http://blah.blah/processing.php"; $name="processing.php"; if(file_exists($file)) { header('Content-type: application/php'); header('Content-Disposition: attachment; filename="processing.php"'); readfile($file); } ?> Once i have the correct script do i just save the text file as a .PHP document and run it? I really appreciate your help with this. Thanks Garry Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.