I have a weird unexplainable phenomenon going on.
I downloaded some source code from a website, a basic PHP script. It came with an SQL to reference numbers as part of the script.
I uploaded the file called post.php and SQL file to my server and ran it - but - instead of executing the code in the PHP file, it loads the content of the webpage of the author of the source code. and stays on my server URL.
The code in the file has nothing to do with the author's site, or graphics or links or redirects or anything.
EVEN IF I delete the entire contents of the post.php file, run the empty file and it STILL LOADS CONTENT from the author's website, where I downloaded it from.
Refreshed browser, restarted, reloaded, you name it. How is this physically possible?
-----UPDATE
In addition when I try renaming PHP files on my server, they become permanently broken "oops broken link" error.
It would be very helpful if you could post some more specific details about what the script was, etc. But, here is my guess. Firstly, make sure that your web server is not doing any caching. If the problem persists, try getting rid of the post.php file itself. Then, I would check to see if the PHP script has created any HTML/PHP files on its own. If all else fails, try going into the code that you downloaded and see what its doing.
Related
last week my wordpress website get redirected to a malicious website, i found some sql injections on my database and also a script on my index.php doing this redirect. I deleted all the malicious database entries and also the script in the index.php, some days later the index have again this script but i cant see the script again on my database. In the chrome inspector mode you can see the file causing the redirect but i cant find from what file my website its calling the script. I downloaded the whole site and use the search function of vscode but cant find the source of the infection. Anyone know how can i find the source/file of this GET?
The malicious redirect is js.cofounderspecials...
You didn't check for file uploads and extension before user uploads so the hacker uploaded a php and js file and edited db easily can u check for cronjobs and to see if there is any cronjob maliciously created?
I am experimenting with using AWS. To be specific, I am following the tutorial at this link:
https://aws.amazon.com/getting-started/hands-on/build-web-app-s3-lambda-api-gateway-dynamodb/module-three/?e=gs2020&p=build-a-web-app-two
I have tried to add empty PHP tags to the start of the file and renamed the file to index.php instead of the index.HTML of the tutorial. I did a full sequence of refreshing the web app resources and deploying the app on the Amplify console. It did not work. I tried only using the HTML code on index.php and it still did not work. I put back the PHP code, added an echo statement echo "<h1>PHP Code Ran</h1>"; but renamed the file to index.html and it did render. Granted, there was an error in the text output. It also wrote the ending semi-colon and ending quotation, but it worked.
Is there any way for me to use a file named index.php as the home page of a web app using AWS amplify?
A PHP file isn't just an HTML file with a different name: you need to have a server somewhere that's running PHP which will look at the PHP code and run it.
If you're just uploading files to S3, that's not going to happen, the file is just going to be sent straight to the browser, regardless of what you call it and what you put in it.
Putting <?php echo "<h1>PHP Code Ran</h1>"; ?> into a file "worked" only in the sense that when you opened the page in the browser, you saw your browser's best attempt to interpret that as HTML. If you go to "View Source", you'll see that the file is exactly what you uploaded to S3, no PHP has run at all.
If you want to write a PHP application, you need to understand how to run PHP - most likely on an EC2 server, but it could also be in a Fargate container, or something even fancier like bref which lets you run PHP in a Lambda function.
I am having issues while running the live preview of some php files on LOCALHOST. Like I am working on Wordpress theme and while I am able to set the correct base URL and open the file on the browser through index.php, but I am not able to edit and view the other php files.
For example, I have to open index.php which is in http://localhost/test but suppose I want to edit the header.php file. I click on the header.php file and it opens a new page in Browser with URL, http://localhost/test/header.php, which returns a 404 error through wordpress(OOPS PAGE NOT FOUND!)
I have very little work with index.php and mostly with header, footer, functions and everything else. Although this isn't really a big issue, I can go with the traditional way but I really wanted to utilize this Brackets Feature. Hope there's something to get past this :)
This is not an issue this will never open in browser like single file, if you want to check this then header.php and footer.php files are also included into the index.php , you will check from that no need to run them to browser.
I went to edit this PHP file - it's supposed to generate those captcha security images on contact forms - the images werent working, so I was going to see if there was a broken path or something i could fix simply.
But when I opened the file it looked like this:
http://mydomainsample.com/explosion/screenshots/Screen%20Shot%202012-05-17%20at%209.34.14%20AM.png
complete gibberish.
Is it possible this happened somehow while downloading the file from the server? I did not have ftp access to the site originally - we got control of the domain and transferred it from one host to another.
I used site sucker to backup the site before transferring, but it downloads php files as html files. you end up with filename.php.html.
in the past this has never turned the php into incomprehensible gibberish, so i dont understand why it did now.
The problem is, you cannot use programs like "site sucker" to get PHP files. This is because when you get a PHP file from a URL, the file is executed, and you're getting the output of the script. That's why you get .php.html.
It doesn't "turn the php into incomprehensible gibberish", the server runs the script and you're getting the output. Most of the time the output is HTML, which you can open as text. In this case, the script's output is a PNG file, thus why you see "gibberish". Rename the file to .png, then you'll see the image.
You need to get FTP access in order to get the PHP source.
That's a PNG image, not PHP source code.
The file actually looks like a PNG image, maybe you just downloaded output the PHP script has generated?
I feel pretty stupid asking this... but I have a small php script that generates a image based on some GETs and output's it to the browser.
It works fine on my server, but I moved it over to the client's server and I get a 404 error instead of the image. Problem is I have no ideea how to see what is wrong.
Normaly I get an error in the browser so I know what is going on... but not beacase the output is an image I get nothing.
LE: I tried this, at the begining of the script:
error_reporting(E_ALL);
ini_set('display_errors', true);
but nothing.
If you get a 404, the PHP script is either not found or redirects to another resource (a generated and cached image file?) but the path to it is wrong (or the image file can't be generated because of right issues?).
As suggested, remove the header() if any (it's also probaly using a header if the script redirects to the real file after generation).
If the script is delivering the image directly without any redirect, then enabling errors won't help on a not found URL ;-)