Is it possible?

eddyvlad · #1 (**permalink**) 08-30-04, 03:45 AM

Is it possible to extract or get unknown variable from an online php site?
Example, there is this http://www.somesite.com/info.php
I don't have any idea of the variable names in that file but is it possible to extract them?

eq1987 · #2 (**permalink**) 08-30-04, 03:56 AM

I can't say 100% sure, but PHP is very secure. Getting a variable would be in a sense, "hacking". Javascript might be able to do it. Not get the actual variable, but the same results. Since I don't know what your trying to accomplish, I cant say for sure.

Ex. of what i mean:
I have recent forum posts on my site.I could have used PHP & MySQL Select, but I was able to use JS. I of course didn't write the JS, it is a mod. (i don't know Javascript)

If it is possible, hopefully someone will post.

Andy1984 · #3 (**permalink**) 08-30-04, 04:51 AM

viewing someone elses php files would be a security risk. like you could get the username/password to a db or any other sensitive data. also what if someone is trying to make money from selling there php scripts and instead someone decides to have a look at there code. from what ive seen i doubt its possible. or atleast not very easy todo. you would probably have to hack and download the actual php document and that would be bad

eddyvlad · #4 (**permalink**) 08-30-04, 01:24 PM

Well.. in order to create a secure php script, you gotta know the security risk rite?

The actual reason I ask was because I am in this online profile/community thing and I tried to use html on my nick, so it stand out from the rest.. Say... a red colour nick. I bypass the javascript validation by creating my own external form and post it to the original php. But now the admin detected my nick and now create the validation in php. If only I can find out what's going on in the script... hmmm....

eq1987 · #5 (**permalink**) 08-30-04, 01:39 PM

If you want a red font, and the owner doesn't stip tags, you could just type:
<font color="red">My nickname</font>

eddyvlad · #6 (**permalink**) 08-30-04, 02:38 PM

Quote:

Originally Posted by eq1987

If you want a red font, and the owner doesn't stip tags, you could just type:
<font color="red">My nickname</font>

Dude.. I did that before. Now they're aware of it. That's why I'm posting this.

blaw · #7 (**permalink**) 08-30-04, 09:19 PM

Hello,

When certain conditions meet, it's possible to do what you want to do, but it is difficult to meet those conditions or PHP would have been dead by now.

Your post sounds a bit like asking how to break into a bank silently, unnoticed so that you can pick up your cell phone that you had forgotten on the desk during the daytime.

The best advice I can give you is ask the administrator of the community to implement such features.

HTH.

Eclipse · #8 (**permalink**) 09-01-04, 04:46 PM

I don't mean to sound like an assh0le but your that much of an attention-wh0re?

Edit: I needed to replace the "o"s with "0"s due to the word filter not because I use "leet"