How to view a PHP script.
If the PHP file is being viewed over the web (HTTP), then no, it is not designed to be able to be viewed. The PHP document is supposed to be interpreted, and then the output sent to the browser, and you are not supposed to be able to see the source.
Although, just because you're not supposed to, doesn't mean that there aren't vulnerabilities in some websites that allow you to.
stealth- wrote: [quote]techb wrote: ctrl+s
Lol, that'll only work for the output of the PHP script (HTML usually), not the actual PHP source code.
No, like I said, the only way to download it is to have access to the webserver (like FTP, or SSH), or to find a vulnerability (like LFI).[/quote]
Oh. :xx:
Shows how little web stuff I do lol.
MoshBat wrote: As said, you need to actually find an exploit to view the contents of the PHP file, other than the contents that are sent to you, of course. For example, if you can find a way of halting script execution (like a Null byte or something), then the file should spit out everything after it stopped executing.
Could you provide an example of this? I can't tell if you are referring to having a null byte in a string that PHP is trying to read, because afaik that would simply force PHP to stop reading the string (unless you configured PHP properly, like you should, in which case nothing would happen). The only other case I could think you are referring to is having a null byte in the actual PHP source itself, but in the case you are able to do that then you must have access to the source already.
Shazrah wrote: Hmm, I did not know that… got any good links to where I could read up on this subject?
It's not worth it, really. This "exploit" is outdated and useless by now. To perform it, grab your favourite shell and do this:
telnet open website.com 80
GET file.php HTTP/1.0 <ret>
Host: www.website.com <ret><ret>
You'll now be served with some HTML, CSS and JS, because this "exploit" won't ever work.
Edit: whoops, thanks for pointing that out, COM.
COM wrote: That sure looks strange to me.
Erh, you're right. What I meant to say was something more along the lines of:
GET file.php HTTP/1.0
Host: www.website.com <ret><ret>
spyware wrote: GET file.php HTTP/1.0 Host: www.website.com <ret><ret>
Now that looks a lot better, although last I checked, HTTP 1.0 did not have the Host header. But I suppose it can't hurt to include it anyhow; might be better off trying a full path in the request part though. But enough about obsolete shit.
t0xikc0mputer wrote: Depends how you plan to use the php, but one option is to just simply contact the host, and ask them to email you the php file(s). Unless of course, you want to go in stealth mode… :ninja::ninja::ninja:
Lol, what?
"Hey, I know your PHP script has the database password in it, and it's significantly easier for me to find vulnerabilities this way, but can you go out of your way so I can have full access to your code anyways please?"
If it's not already publicly available, they probably don't want it to be.
stealth- wrote: If it's not already publicly available, they probably don't want it to be.
You might be surprised how many PHP devs adhere to FLOSS philosophy. No, of course companies/persons won't give you "crucial" information like passwords, auth schemes or products they're trying to sell. However, there is no shame in asking for the source to tools and other tidbits you'd like to study.
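The thread's starting point is that a web server should interpret a PHP file and return only its output. The following is an added example, not part of any post above: a check a site owner could run over responses from their own server to spot uninterpreted PHP source being served. The function names, heuristics and sample responses are constructed for illustration.

```python
import re

# A raw PHP opening tag never survives interpretation; pages that merely
# *display* PHP code carry it HTML-escaped (&lt;?php), and <?xml is not matched.
PHP_OPEN_TAG = re.compile(r"<\?(?:php\b|=)", re.IGNORECASE)
# Statements that exist only in source: variable assignment, include/require.
SOURCE_HINTS = re.compile(r"\$[A-Za-z_]\w*\s*=|\b(?:include|require)(?:_once)?\b")
# MIME types a server may send when it hands out a .php/.phps file as-is.
SOURCE_TYPES = {"application/x-httpd-php", "application/x-httpd-php-source"}

def split_response(raw: bytes):
    """Split a raw HTTP response into (status, headers, body text)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body.decode("utf-8", errors="replace")

def php_source_exposed(raw: bytes) -> list:
    """Return the reasons a response looks like PHP source, [] if none."""
    status, headers, body = split_response(raw)
    reasons = []
    if status != 200:
        return reasons
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype in SOURCE_TYPES:
        reasons.append("content-type " + ctype)
    if PHP_OPEN_TAG.search(body):
        reasons.append("PHP open tag in body")
        if SOURCE_HINTS.search(body):
            reasons.append("server-side statements in body")
    return reasons

# Constructed sample responses (not captured from any real site).
INTERPRETED = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n"
               b"<?xml version=\"1.0\"?>\n<html><body>&lt;?php echo 1; ?&gt;</body></html>")
LEAKED = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
          b"<?php\n$db_pass = 'PLACEHOLDER';\ninclude 'header.php';\necho 'Hello';\n")
DOWNLOAD = (b"HTTP/1.1 200 OK\r\nContent-Type: application/x-httpd-php\r\n\r\n"
            b"<?php phpinfo();")

if __name__ == "__main__":
    for name, raw in [("interpreted", INTERPRETED), ("leaked", LEAKED), ("download", DOWNLOAD)]:
        print(name, php_source_exposed(raw))
```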