No Input File Specified error
Hi all, One of my friends created a website and we check each other's work by pentesting (in order to learn it and learn to prevent it)
He has set up very basic directories. What I found strange:
first I saw that page.com/index had no extension adding .html makes it open normally, any other gives a 404 error. But when I replaced it with .php I got a blank page with the words No input file specified I thought he might have created two files index.html and index.php, but it seems that I can write anything with .php (f. egz. fhlkgjha.php, and I don't think they have a page for that) and still get the same response: No input file specified
Does it have anything to do with the .htaccess file, some default response page?
I'm trying to learn so I want to know if this could pose a weakness or am I just stupid?
You are correct with the .htaccess
quick google search: http://jenseng.com/archives/000035.html
Also,
If your friend is doing redirects on a IIS website, this could cause an issue as well if your are trying to run HTTP and HTTPS on the same site.
In this case it would be the something in the page that would look like this:
PHP:
// Set the home URL -> NOT THE SAME AS: http://site.com/index.php, we are checking the home service!
$home = 'https://site.com/index.php';
// Check the URI on first load and make sure it goes to ./index.php - fixes the backlinks.
$url = (!empty($_SERVER['HTTPS'])) ? "https://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'] : "http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
// Check to see if the index.php is in the request; if not, redirect - fixes the "No File Specified!"
if (!strpos($url, 'index.php')){header('Location: http://site.com/index.php');}
This is a piece of code I wrote for just that. ;)
hope that helps alittle.