1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

View Source Code of Unprocessed PHP files

Discussion in 'PHP & Perl' started by arthro, Oct 11, 2008.

  1. arthro

    arthro Regular Member

    Joined:
    Aug 18, 2008
    Messages:
    258
    Likes Received:
    13
    Is there a way to view PHP source codes of other sites? Please help. Thanks!
     
  2. ktop

    ktop Registered Member

    Joined:
    Sep 24, 2008
    Messages:
    91
    Likes Received:
    151
    Only if you find a way to hack into their server.

    PHP is by definition a server-side script. So, unlike JS, you won't have access to the source.
     
    • Thanks Thanks x 1
  3. arthro

    arthro Regular Member

    Joined:
    Aug 18, 2008
    Messages:
    258
    Likes Received:
    13
    how about creating a php file on my site to display the php code of other website's php file.. is it possible?
     
  4. mrsix

    mrsix Power Member

    Joined:
    Sep 13, 2008
    Messages:
    785
    Likes Received:
    465
    Location:
    PNW
    Short answer... no.
    Long answer... noooooooooooooooooooooooooooooooooooooooooooooooooo.
     
  5. Dotasense

    Dotasense Newbie

    Joined:
    Sep 29, 2008
    Messages:
    1
    Likes Received:
    0
    PHP is a server side scripting language, im afraid you cant view other web php source code without permission from the owner. :)
     
  6. mattstrike

    mattstrike Regular Member

    Joined:
    Sep 29, 2008
    Messages:
    208
    Likes Received:
    76
    Occupation:
    Internet Marketing Arms Dealer
    Location:
    USA
    Home Page:
    Take a look at the HTML (view source), and see if there is anything in it that gives you a hint as to what software the site is based on.

    This is going to be tough if you are not familiar with too many scripts, but look for anything that might be unique (included files, directory structure, etc.) and then start using your favorite search engine to see if you can track it down.

    If you are lucky, the site will be based on an existing open source project, and you won't need to "hack" the site to get it, you can just get the original project files and go from there.

    Failing that, try a little social engineering. Look for a "this Website developed by xyz company" or anything similar. Pretend to be in the market for a similar site. Pump them for as much information as you can about that site, etc. You can usually get a pretty good idea, and most likely you will even get a quote to get an exact copy.
     
  7. PostWhore

    PostWhore Registered Member

    Joined:
    Jul 22, 2008
    Messages:
    51
    Likes Received:
    2
    Like everybody said it's impossible. When you run php in your browser you are executing the code. The only way to see the code is to access the file without running it in the browser.
     
  8. BlackMelvyn

    BlackMelvyn Regular Member

    Joined:
    Jul 8, 2008
    Messages:
    202
    Likes Received:
    272
    Home Page:
    even without a browser: by using another server to try and read the files isn't possible...
    hack their FTP, not quite many more solutions :(
     
  9. mattstrike

    mattstrike Regular Member

    Joined:
    Sep 29, 2008
    Messages:
    208
    Likes Received:
    76
    Occupation:
    Internet Marketing Arms Dealer
    Location:
    USA
    Home Page:
    I'll amend what I was saying earlier to say that there is one way of displaying a PHP file's source code, but it requires that the site in question have a weak script on it to begin with that can be exploited.

    A PHP script can, for instance, open a file on the server, and then echo the contents to the page. If you find any sort of "raw" display type file that has a URL like w3.site.c0m/view.php?file=report.txt you can always try manually changing report.txt to target.php and see what that gets you.

    Again, though, this is an incredible longshot, most sites simply won't have such a file waiting for you to exploit, and even if they do, good luck finding it in the first place.

    One other thing to bear in mind: Just getting the PHP is likely not going to solve all of your problems. Most decent sites will have a large amount of stuff in the DB, so unless you have a strategy for getting the DB as well, just grabbing the PHP is not going to give you the keys to the kingdom. Instead, what it will give you, is a much better starting place for your outsourced team to build a knockoff. ;)

    Of course, there are still techniques for getting at a PHP file, but they are basically full on hacking, and really beyond the scope of BHW. If you really want to go down that road, do a search for "ethical hacking". Ethical hacking is basically white hat hacking, which probably sounds weak, but the truth is that the techniques that "ethical" hackers discuss are the same techniques that all the other hackers use. What makes them "ethical" is that they only use their mojo on sites that they have been hired to "test" for security flaws. The info you will get reading up on ethical hacking will be a goldmine of root access security holes, SQL injection attacks, arbitrary code execution attacks, and basically as much head turning security stuff as you could imagine.

    Just remember though, if it were easy, everyone would be doing it.
     
    • Thanks Thanks x 1
  10. PostWhore

    PostWhore Registered Member

    Joined:
    Jul 22, 2008
    Messages:
    51
    Likes Received:
    2
    Also even if you can hack yourself into the server, PHP code can be encoded which is as far as I know can not be converted to the original source code. It's not a very common thing, but it is quite possible.

    edit
    Never mind this post. I must be behind things, there are decrypters for Zend out there these days.
     
    Last edited: Oct 20, 2008
  11. mattstrike

    mattstrike Regular Member

    Joined:
    Sep 29, 2008
    Messages:
    208
    Likes Received:
    76
    Occupation:
    Internet Marketing Arms Dealer
    Location:
    USA
    Home Page:
    Well, beyond encryption, some PHP code just sucks. ;)

    If the original coder was a total crack weasel (no offense to crack weasels), then even getting the code is not going to be of too much help.
     
  12. BlackMelvyn

    BlackMelvyn Regular Member

    Joined:
    Jul 8, 2008
    Messages:
    202
    Likes Received:
    272
    Home Page:
    you're right mattstrike, and i'd add that file inclusions can also be protected, as well as direct access to specific php files...

    sorry arthro but chances you get the original source is soooooo little