"Stealing" PHP Files

Hey

I am not sure if this is the right place to put the thread but if its wrong, move it please ;)

Well, my question:

Is it possible to "steal" php files from a website?

i want this file: http://rs-beta.info/email.php

if you just view source you just get some htlm..

Hope you can help :)

The short answer, is no. Although, there are more complex ways, they require other conditions.

Also, fail for runescape.

PHP files are handled server-side and the HTML is rendered to the client. So, the short answer is no… unless you can gain access to the server.

Ok, nice explanation on server side there :) I'll give you an example.

Logins are used in PHP only 80% of the time. People take pride in writing a long effective PHP script. If you could "steal" scripts, people would lose money, and logins everywhere would be useless.

If you were to gain access to admin section (cPanel etc.) or somehow something as rare as poison NULLs and sometimes errors spitting out file info, possibly you would receive the script, but it's unlikely. Near impossible.

There are existing (though very heavily rare) exploits available but to my knowledge, viewing the PHP source is an administrative task.

I didn't explain technical, but practical. Hope it helps (you already had the technical ;) )

There are a number of ways to display the PHP code. I don't think you deserve to know them though.

lol that site is complete bs…a flash login? world map links to runescape.com?

although sadly I bet they're getting a lot of user/passes. if you tried to login there I'd recommend changing your password asap.

Thx for answers guys :)

btw i would never fall for a scam site like that ;)

spyware wrote: There are a number of ways to display the PHP code. I don't think you deserve to know them though.

Good post! Hopefully other noobs get the "jist"