From: Serg B. (sergdodo.com.au)
Date: Mon Aug 09 2004 - 12:11:34 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thanx All,

Onother, possibly silly question but i dont know the answer...
Is there a way to view source code (of php script) somehow through
envoking JS. I mean I know one is server other is client side but still
rather interested if thats possible.

   Serg

On Tue, 2004-08-10 at 02:05, David Precious wrote:
> On Monday 09 August 2004 14:12, Serg B. wrote:
> > Hi All,
> >
> > I am testing a site and came across a scenario where there is a login
> > form displayed on front page with a form heading that is displayed by
> > being passed in, from GET variable by appending it to the URL.
> >
> <snip>
>
> > So this leads me to the next thought. Is it at all possible to
> > execute an arbitrary server side code on the server via this bug?
> >
> > E.g.:
> > www.mydomain.com/form.php?var=<?php echo 'test' ?>
> >
> > This was unsuccessful since quotes (both ' and ") got escaped. I then
> > tried:
> > www.mydomain.com/form.php?var=<?php echo 1 ?>
> >
> > Which echoed everything, PHP tags, code, etc (from looking at page
> > source). I also tried to wrap all of this business in JS escape
> > function with no luck.
> >
> > So the question is how I could run PHP (not JavaScript, since that
> > was covered in numerous papers and presentations...) from what I
> > found.
>
> No, the PHP script will just be echo'ing out the 'var' variable - it
> should not be attempting to execute it.
>
> Because the coder hasn't taken precautions to clean the input, it will
> happily output the Javascript you've given it so that the browser will
> execute it, but it will not execute any PHP code - it'll just get
> returned to the browser as-is.
>
> Cheers
>
> David P
>
>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]