Discussion in 'PHP & Perl' started by arthro, Oct 11, 2008.
Is there a way to view PHP source codes of other sites? Please help. Thanks!
Only if you find a way to hack into their server.
PHP is by definition a server-side script. So, unlike JS, you won't have access to the source.
how about creating a php file on my site to display the php code of other website's php file.. is it possible?
Short answer... no.
Long answer... noooooooooooooooooooooooooooooooooooooooooooooooooo.
PHP is a server side scripting language, im afraid you cant view other web php source code without permission from the owner.
Take a look at the HTML (view source), and see if there is anything in it that gives you a hint as to what software the site is based on.
This is going to be tough if you are not familiar with too many scripts, but look for anything that might be unique (included files, directory structure, etc.) and then start using your favorite search engine to see if you can track it down.
If you are lucky, the site will be based on an existing open source project, and you won't need to "hack" the site to get it, you can just get the original project files and go from there.
Failing that, try a little social engineering. Look for a "this Website developed by xyz company" or anything similar. Pretend to be in the market for a similar site. Pump them for as much information as you can about that site, etc. You can usually get a pretty good idea, and most likely you will even get a quote to get an exact copy.
Like everybody said it's impossible. When you run php in your browser you are executing the code. The only way to see the code is to access the file without running it in the browser.
even without a browser: by using another server to try and read the files isn't possible...
hack their FTP, not quite many more solutions
I'll amend what I was saying earlier to say that there is one way of displaying a PHP file's source code, but it requires that the site in question have a weak script on it to begin with that can be exploited.
A PHP script can, for instance, open a file on the server, and then echo the contents to the page. If you find any sort of "raw" display type file that has a URL like w3.site.c0m/view.php?file=report.txt you can always try manually changing report.txt to target.php and see what that gets you.
Again, though, this is an incredible longshot, most sites simply won't have such a file waiting for you to exploit, and even if they do, good luck finding it in the first place.
One other thing to bear in mind: Just getting the PHP is likely not going to solve all of your problems. Most decent sites will have a large amount of stuff in the DB, so unless you have a strategy for getting the DB as well, just grabbing the PHP is not going to give you the keys to the kingdom. Instead, what it will give you, is a much better starting place for your outsourced team to build a knockoff.
Of course, there are still techniques for getting at a PHP file, but they are basically full on hacking, and really beyond the scope of BHW. If you really want to go down that road, do a search for "ethical hacking". Ethical hacking is basically white hat hacking, which probably sounds weak, but the truth is that the techniques that "ethical" hackers discuss are the same techniques that all the other hackers use. What makes them "ethical" is that they only use their mojo on sites that they have been hired to "test" for security flaws. The info you will get reading up on ethical hacking will be a goldmine of root access security holes, SQL injection attacks, arbitrary code execution attacks, and basically as much head turning security stuff as you could imagine.
Just remember though, if it were easy, everyone would be doing it.
Also even if you can hack yourself into the server, PHP code can be encoded which is as far as I know can not be converted to the original source code. It's not a very common thing, but it is quite possible.
Never mind this post. I must be behind things, there are decrypters for Zend out there these days.
Well, beyond encryption, some PHP code just sucks.
If the original coder was a total crack weasel (no offense to crack weasels), then even getting the code is not going to be of too much help.
you're right mattstrike, and i'd add that file inclusions can also be protected, as well as direct access to specific php files...
sorry arthro but chances you get the original source is soooooo little
Separate names with a comma.