Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

No Input File Specified error


Mtutnid's Avatar
Member
0 0

Hi all, One of my friends created a website and we check each other's work by pentesting (in order to learn it and learn to prevent it)

He has set up very basic directories. What I found strange:

first I saw that page.com/index had no extension adding .html makes it open normally, any other gives a 404 error. But when I replaced it with .php I got a blank page with the words No input file specified I thought he might have created two files index.html and index.php, but it seems that I can write anything with .php (f. egz. fhlkgjha.php, and I don't think they have a page for that) and still get the same response: No input file specified

Does it have anything to do with the .htaccess file, some default response page?

I'm trying to learn so I want to know if this could pose a weakness or am I just stupid?


elmiguel's Avatar
Member
2,795 1

Also,

If your friend is doing redirects on a IIS website, this could cause an issue as well if your are trying to run HTTP and HTTPS on the same site.

In this case it would be the something in the page that would look like this:

PHP:


// Set the home URL -> NOT THE SAME AS: http://site.com/index.php, we are checking the home service!
  $home = 'https://site.com/index.php';
    
  // Check the URI on first load and make sure it goes to ./index.php - fixes the backlinks.
  $url = (!empty($_SERVER['HTTPS'])) ? "https://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'] : "http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
  
  // Check to see if the index.php is in the request; if not, redirect - fixes the "No File Specified!"
  if (!strpos($url, 'index.php')){header('Location: http://site.com/index.php');}

This is a piece of code I wrote for just that. ;)

hope that helps alittle.