Why wont my php execute?!?
I have found a website that has no input validation… (i know right) This site uses php for its web development. And so I figured I could inject php just like html, javascript etc. When I try to inject php into a page via PMing myself or in a forum post etc. the code is not visible from the surface, but when you look at the source it is there fully intact but in Pink. I just tried to do a redirect as a test but eventually hoping to get a shell uploaded / executed on the server (I would like to leave a note for the admin before emailing him).
Can anyone give me an idea as to why my php isnt being executed?
Why have you posted the same thread again?
We already answered this question here:
http://www.hellboundhackers.org/forum/php_injection_like_xss-15-12850_0.html PHP = server side. HTML = client side.
all your doing is putting php into a variable that is echo'ed.
If theres no eval() SERVER SIDE, it wont work.
Mr_Cheese wrote: Why have you posted the same thread again?
We already answered this question here:
http://www.hellboundhackers.org/forum/php_injection_like_xss-15-12850_0.html PHP = server side. HTML = client side.
all your doing is putting php into a variable that is echo'ed.
If theres no eval() SERVER SIDE, it wont work.
wow im sorry… Last Time I looked at that it had 2 reply's and wasnt on the front page anymore…so i figured it was done,. so I thought I would reword it and add some new info that I found. Sorry you guys….
EDIT:Thanks for the help, and please know I am a dumb ass sometimes..
Where would an Eval() usually be used? I know where a Include() is usually used but Ive had no luck with that so far..
read those and it will make sense if your still having difficulty understanding.