Jump to content

View PHP on sites


Recommended Posts

mixxoys it sounds like you are a little confused as to what php is, PHP is a scripting langauge that is executed on the server side. This means that the php code never needs to be sent to you. So that means that you could do all the packet sniffing in the world and you still wont get the php code as it is never leaving the server that is executing it.

Link to comment
Share on other sites

You might try thefilename.php~ as well since that is the name of the backup emacs does automatically if not told otherwise. But unless someone has been sloppy and left a guessable file that isn't interpreted it is impossible.

Link to comment
Share on other sites

Don't forget .<originalname>.swp for the vi backup.

No, if you want to have a try at this, try using Google Code Search. Seems people have been making a (bad) habit of zipping up a backup of their site... on their site. :?

There was search link someone posted to either Digg or Slashdot shortly after GCS launched that would search for the database passwords in these files. After that, all you need is some overworked, underpaid admin who forgot to firewall off the database server port...

Link to comment
Share on other sites

You could ftp into the site! :pirate:

Now you are assuming that the site is setup so you can brows there ftp server.

Maybe scp, or sftp. Once in you could create a page like this one http://www.php.net/source.php?url=/source.php. Then you can have access to the source of any page instantly.

On e again you are assuming the sites have very bad security. Like any site is going to let you upload anything to them from there ftp server. More over you should of at least said what is inside source.php :/ you cant just name a file that and it magically works. So i would assume the file you are uploading is going to have this code in it


if(isset($_GET['url'])) {

header('Content-Type: text/plain');

$page = $_GET['url'];

$info = file_get_contents($page);

header('Content-Type: text/html');

echo $info;


Now this brings you to the other question, if you can ftp into the server why upload something why not just download the pages you want?

Link to comment
Share on other sites


You took a left when you should've taken a right. Such a shame.

What should be said has been said.

And this is not a cracking forum.


Just looked over it and it's one of those puzzle sites.

At least the first one was _DEAD_ easy. Just try harder.

- Unlocked -

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...