I hacked WriteCodeOnline?

Posted: Mon Jun 13, 2011 10:57 am
by JelvinJS7
I was curious to know what info exactly was in the $_SERVER array, so I went to PHP: Write Code Online, as I was on my iPod at the time. This is my code:
<?php
foreach($_SERVER as $key=>$server){
echo "$key: $server<br />\n";
}
?>
This is the info that came up:
HTTP_ACCEPT: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
HTTP_ACCEPT_CHARSET:
HTTP_ACCEPT_ENCODING: gzip, deflate
HTTP_ACCEPT_LANGUAGE: en-us
HTTP_CONNECTION: keep-alive
HTTP_HOST: writecodeonline.com
HTTP_KEEP_ALIVE:
HTTP_REFERER: http://writecodeonline.com/php/
HTTP_USER_AGENT: Mozilla/5.0 (iPod; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5
SCRIPT_FILENAME: /kunden/homepages/26/d94605010/htdocs/lz/writecodeonline.com/php/index.php
SCRIPT_URI: http://writecodeonline.com/php/
SCRIPT_URL: /php/
SERVER_NAME: writecodeonline.com
SERVER_PORT: 80
SERVER_SOFTWARE: Apache
SERVER_PROTOCOL: HTTP/1.1
REQUEST_METHOD: POST
QUERY_STRING:
REQUEST_URI: /php/
SCRIPT_NAME: /php/index.php
PATH_INFO: /php/index.php
STATUS: 200
PHP_SELF: /php/index.php
argv: Array
argc: 0

Now I want to call attention to this line:
SCRIPT_FILENAME: /kunden/homepages/26/d94605010/htdocs/lz/writecodeonline.com/php/index.php

Isn't this the file path of the homepage on the server, not the website?
And in fact, doesn't it show where they host other websites?

I find this interesting, because if you were smart enough, you could use this info, then actually hack the server and screw around with it.

Just thought I'd mention…

Re: I hacked WriteCodeOnline?

Posted: Mon Jun 13, 2011 1:07 pm
by jacek
They have obviously thought about this as a lot of the functions are disabled.

/kunden/homepages/26/d94605010/htdocs/lz/writecodeonline.com/php/index.php is the name of the file you are viewing

If you enter
InClUDe('nothing');
in the box, you see that index.php uses eval on the input.

The wacky upper-case letters are because they have attempted to disallow include in a crap way.
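
As an added illustration (not code from the thread or from the WriteCodeOnline site), here is why a plain case-sensitive substring blacklist in front of eval() lets the mixed-case spelling through, and how checking PHP's own tokenizer output catches the keyword whatever its case; both filter functions are hypothetical names, and a keyword blacklist is still no substitute for disable_functions and a real sandbox.

```php
<?php
// Added example: naive substring blacklist vs. tokenizer-based check.
// Both functions return true when the snippet should be rejected.

// Naive filter in the style the thread describes: a case-sensitive
// substring match, which 'InClUDe(' slips straight past.
function naiveBlocksInclude(string $code): bool {
    return strpos($code, 'include') !== false;
}

// Token-based filter: the PHP lexer classifies the keyword as T_INCLUDE
// regardless of letter case, so spelling tricks do not help.
function tokenBlocksInclude(string $code): bool {
    $blocked = [T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE, T_EVAL];
    foreach (token_get_all('<?php ' . $code) as $tok) {
        if (is_array($tok) && in_array($tok[0], $blocked, true)) {
            return true;
        }
    }
    return false;
}

// Constructed sample inputs: plain spelling, the thread's spelling, harmless code.
$samples = [
    "include('nothing');",
    "InClUDe('nothing');",
    "echo 'hello';",
];

foreach ($samples as $s) {
    printf("%-22s naive=%s token=%s\n", $s,
        naiveBlocksInclude($s) ? 'blocked' : 'ALLOWED',
        tokenBlocksInclude($s) ? 'blocked' : 'allowed');
}
```

Run it with the PHP CLI; the middle sample is the one the naive filter allows and the token filter rejects.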

Re: I hacked WriteCodeOnline?

Posted: Mon Jun 13, 2011 1:07 pm
by jacek
They also use php 4.4.9 :shock: :shock:

Re: I hacked WriteCodeOnline?

Posted: Mon Jun 13, 2011 7:14 pm
by JelvinJS7
phpinfo() is disabled completely. However, I included my homepage, and the color changing boxes changed the entire page.
This could really be used for potential malicious uses.

Re: I hacked WriteCodeOnline?

Posted: Mon Jun 13, 2011 7:18 pm
by jacek
JelvinJS7 wrote: This could really be used for potential malicious uses.
Not really, you can't do anything with include, all of the file functions are disabled.

Re: I hacked WriteCodeOnline?

Posted: Mon Jun 13, 2011 7:22 pm
by JelvinJS7
jacek wrote:
JelvinJS7 wrote: This could really be used for potential malicious uses.
Not really, you can't do anything with include, all of the file functions are disabled.
Well you never know how clever someone can be… :twisted:
Hehe I'll have to test later when I'm on the computer.

Re: I hacked WriteCodeOnline?

Posted: Mon Jun 13, 2011 7:25 pm
by jacek
JelvinJS7 wrote: Well you never know how clever someone can be… :twisted:
No... The only reason being able to include random files is good normally is that it allows random code to be executed, but this site actually allows that anyway. You could also use php://filter to get the source of index.php but this old version of php does not have php://filter.