-
Notifications
You must be signed in to change notification settings - Fork 0
/
source-viewer.php
63 lines (60 loc) · 2.06 KB
/
source-viewer.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
<center><h2><b>See the sourcecode to troubleshoot this app</b></h2></center><p>
Just choose one form the list and submit.
<?php
echo "<form method=\"GET\" action=\"" .$_SERVER['SCRIPT_NAME'] . "?" . $_SERVER['QUERY_STRING'] . "\">";
echo '<input type="hidden" name="page" value="' . @$_REQUEST["page"] . '">'; //Just to make ths work with get.
echo '<p><select size="1" name="php_file_name">';
foreach (new MyDirectoryIterator('.') as $fileInfo) {
if($fileInfo->isDot() or $fileInfo->getFilename() == "setupreset.php") continue;
echo $fileInfo->GetExtension();
if ($fileInfo->GetExtension() == "php") {
echo '<option value="' . $fileInfo->getFilename() . '">' . $fileInfo->getFilename() . '</option>\n';
}
}
?>
</select></p>
<p><input type="submit" value="Submit"></p>
</form>
<?php
// Grab inputs
$phpfilename=@$_REQUEST["php_file_name"];
echo '<b>' . $phpfilename . ' source code:</b>';
?>
<hr>
<pre>
<?php
if ($phpfilename <>"") {
highlight_file($phpfilename);
}
?>
</pre>
<?php
class MyDirectoryIterator extends DirectoryIterator
{
public function GetExtension()
{
$Filename = $this->GetFilename();
$FileExtension = strrpos($Filename, ".", 1) + 1;
if ($FileExtension != false)
return strtolower(substr($Filename, $FileExtension, strlen($Filename) - $FileExtension));
else
return "";
}
}
?>
<hr>
<?php
// Begin hints section
if (@$_COOKIE["showhints"]==1) {
echo '<p><div style="background-color: #FFFF00"></p> <p><center><h2><b>HINT - Disable with link on the left</b></h2></center></p>
<b>For Malicious File Execution/Insecure Direct Object Reference:</b>
So, this script shows the source of most of the php files in this site, but not
all. Giving even this level of information about the application is a bad idea.
What would be another good script to checkout? A script that you see in the
menu list on the left, but not the dropdown box? Using GET instead of POST
makes this one easier to abuse, but with "Tamper Data" or "Paros" you could
still screw with POST data.
</div>';
}
// End hints section
?>