|
|
Posted by Steve on 02/23/07 04:30
"shimmyshack" <matt.farey@gmail.com> wrote in message
news:1172198155.605591.99560@s48g2000cws.googlegroups.com...
| On 23 Feb, 02:23, "Alan Larsson" <newsgr...@alstown.com> wrote:
| > "shimmyshack" <matt.fa...@gmail.com> wrote in message
| >
| > news:1172193670.840327.125390@v33g2000cwv.googlegroups.com...
| >
| >
| >
| > > On 23 Feb, 01:12, Curtis <zer0d...@verizon.net> wrote:
| > >> Alan Larsson wrote:
| > >> > Is there a way i can look at the php code that is runnig a site,
| > >> > without any
| > >> > ind of admin access to the server?
| >
| > >> Unless there is a horrible server misconfiguration or the site has a
| > >> serious scripting vulnerability, no.
| >
| > >> --
| > >> Curtis,http://dyersweb.com
| >
| > > yes, probably but not for someone who provides no specifics and at
| > > least attempts to justify it.
| > > do no evil.
| > > and you have to pay school fees by learning more about things before
| > > you ask this kind of question, or you wont be respected enough to get
| > > given the answers
| >
| > actually, I am being accused of stealing PHP code from a site.. and I
did
| > not think it was possible, so I asked the experts here.
|
| Ah I see, well it didn't sound to me that you knew enough to do it, so
| that's your strongest card.
| Don't start getting interested in this area just for the sake of
| showing you can't because it's a huge area and the answer to this
| question is always YES probably. (even the ones with "hacker safe"
| symbols.
| Basically PHP code is designed never to be released to the end user,
| any file on the server should be executed and only the results of the
| php code sent to your browser, however there are times when people
| make mistakes and the code can be downloaded. The only way you could
| have accidentally stolen code via a browser is by accidentally finding
| a publically available piece of code, which is NOT your fault. Even if
| you did find this, it would be quite improbable that the site in
| question could tell if you had. (Unless they use some kind of complex
| outgoing filter that records but does not stop outgoing code release -
| whereas filters of this kind are usually set up to stop code release)
|
| I would say you are on balance very unlikely to be accused for very
| long,
| a) it shows a lack of professionalism on their part to be releasing
| code which they later regret.
| b) whereas however they are saying "they know" you did it, which shows
| a degree of skill they probably don't have as (a) shows
|
| Just ask for evidence. But don't claim it "isn't possible" because it
| usually is possible to launch an attack, there are so may ways to do
| it. For more advice and info ask "OWASP or web app sec" they have to
| deal with these kinds of complaints and threats on a regular basis
| when they reveal vulnerabilities on sites. In general if you see
| something wrong the advice is don't report it, unless you have reason
| to believe you will escape subsequent action.
which is odd that he'd be asking how to do it...thus giving him the
knowlege/means and taking away his best defense.
find a server that parses all documents via php instead of by extension, and
one that allows uploads. embed php code in an image and upload it. in that
code, you should find the document root and then recurse for all dirs from
the doc root. output the paths into a file your script creates. access that
script. look for interesting names...especially header, security, and config
file names. the embedded php code should also output the product of
php_info(). any file you want, you can access via this method whether it is
in the www root or in some other system directory - which most people here
think gives a measure of security.
it's not hard to hack any site...it just takes a bit of knowledge and some
desire.
Navigation:
[Reply to this message]
|