scancode
« on: January 05, 2010, 04:17:43 AM »

This is a small application that converts a ZIP file into a self-extracting PHP file. Simply upload it to your webserver, call it once, then delete it. Requested by icekin on the IRC channel.

housetier
« Reply #1 on: January 05, 2010, 06:45:04 AM »

This is a very cool idea! Can it cope with tarballs (.tar or .tar.gz) as well?

gjehle
« Reply #2 on: January 05, 2010, 06:45:38 AM »

you, sir, are awesome. this is simply ingenious.

f0dder
« Reply #3 on: January 05, 2010, 09:15:18 AM »

But what's the point?
Are there hosts which allow you to run PHP scripts but don't give FTP access? And don't allow .zip files from web-based upload forms? O_o

- carpe noctem

scancode
« Reply #4 on: January 05, 2010, 10:01:40 AM »

> This is a very cool idea! Can it cope with tarballs (.tar or .tar.gz) as well?

Not yet, mebbe I should add it.

> you, sir, are awesome. this is simply ingenious.

Thanks.

> But what's the point?
> Are there hosts which allow you to run PHP scripts but don't give FTP access? And don't allow .zip files from web-based upload forms? O_o

The problem is not uploading the zips, but unzipping them server-side. Uploading a crapload of small files takes ages over FTP.

« Last Edit: January 05, 2010, 10:11:19 AM by scancode »

f0dder
« Reply #5 on: January 05, 2010, 01:01:27 PM »

> > But what's the point?
> > Are there hosts which allow you to run PHP scripts but don't give FTP access? And don't allow .zip files from web-based upload forms? O_o
>
> The problem is not uploading the zips, but unzipping them server-side. Uploading a crapload of small files takes ages over FTP.

Ooooh, duh! - I thought self-extracting meant "generate .zip output". Facepalm, more coffee to me - this could be pretty darn useful when you don't have shell support

Deozaan
« Reply #6 on: January 05, 2010, 06:11:07 PM »

That looks pretty awesome!

Stoic Joker
« Reply #7 on: January 05, 2010, 06:24:09 PM »

Any chance that could be done with .asp also (e.g. zip2asp)?

Tuxman
« Reply #8 on: January 05, 2010, 07:35:39 PM »

Now I needed this a few weeks ago.  Maybe it could be useful on next Wordpress update... thank you! 

I bet when Cheetahs race and one of them cheats, the other one goes "Man, you're such a Cheetah!" and they laugh & eat a zebra or whatever. - @VeryGrumpyCat

Deozaan
« Reply #9 on: January 05, 2010, 08:41:39 PM »

Any chance you can do this with exe too?  Just kidding. Again, awesome utility here. 

scancode
« Reply #10 on: January 05, 2010, 08:59:41 PM »

> Any chance you can do this with exe too? Just kidding. Again, awesome utility here.

EXE: use your favourite archiver. WinRAR, WinZIP, WinACE, 7Zip all do SFXs
As soon as I get ASP to work there will be an ASP version (will prolly involve two files instead of one tho)

Deozaan
« Reply #11 on: January 05, 2010, 09:04:44 PM »

> > Any chance you can do this with exe too? Just kidding. Again, awesome utility here.
>
> EXE: use your favourite archiver. WinRAR, WinZIP, WinACE, 7Zip all do SFXs
> As soon as I get ASP to work there will be an ASP version (will prolly involve two files instead of one tho)

Er.. What I meant was EXE2PHP. So I could execute an executable on a server via PHP. But like I said it was a joke.

scancode
« Reply #12 on: January 05, 2010, 09:10:20 PM »

> > > Any chance you can do this with exe too? Just kidding. Again, awesome utility here.
> >
> > EXE: use your favourite archiver. WinRAR, WinZIP, WinACE, 7Zip all do SFXs
> > As soon as I get ASP to work there will be an ASP version (will prolly involve two files instead of one tho)
>
> Er.. What I meant was EXE2PHP. So I could execute an executable on a server via PHP. But like I said it was a joke.

Ever heard of system()?

VictorM
« Reply #13 on: January 07, 2010, 05:22:59 AM »

afraid I can see how this can be used together with a successful injection attack to deploy on a single session. yet, very interesting.

Tuxman
« Reply #14 on: January 07, 2010, 05:33:24 AM »

Injecting files is not actually dangerous yet.

f0dder
« Reply #15 on: January 07, 2010, 09:51:23 AM »

Stoic Joker
« Reply #16 on: January 07, 2010, 10:56:52 AM »

ROFL (I had same reaction)

Tuxman
« Reply #17 on: January 07, 2010, 12:57:02 PM »

Unpacking a ZIP file on the server does not automatically cause any danger. How?

Stoic Joker
« Reply #18 on: January 07, 2010, 03:34:22 PM »

> Unpacking a ZIP file on the server does not automatically cause any danger. How?

Kinda depends on what's in the file... ...Sure the server isn't in any danger (unless you count reputation) but the visitors..?

Tuxman
« Reply #19 on: January 07, 2010, 03:40:25 PM »

The visitors need a link to the file anyway. Where should that be?

Stoic Joker
« Reply #20 on: January 07, 2010, 05:54:59 PM »

> The visitors need a link to the file anyway. Where should that be?

You're kidding, right?

Tuxman
« Reply #21 on: January 07, 2010, 05:56:30 PM »

No, why?

f0dder
« Reply #22 on: January 07, 2010, 06:04:19 PM »

> The visitors need a link to the file anyway. Where should that be?

*facepalm* If you have the possibility to inject a zippedfile.php on a server and then run it... what harm could you possibly do? Nobody would think of putting index.php in that sfx-zip, of course no... and certainly nobody would put a connect-back shell, would they? Definitely harmless

Tuxman
« Reply #23 on: January 07, 2010, 06:11:53 PM »

Depends. Does unzipping always overwrite files? It actually shouldn't. (So who cares about index.php?)

f0dder
« Reply #24 on: January 07, 2010, 06:14:13 PM »

> Depends. Does unzipping always overwrite files? It actually shouldn't.

For the intended use of this program (as I understand it: upgrading websites, especially pre-fab systems), it should.

> (So who cares about index.php?)

Ask any website owner who has his site defaced
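
The overwrite question debated in the last replies can be answered before anything is unpacked. The following is an added example, not part of the thread and not the tool's own code: it classifies every entry of a ZIP against an existing web root without extracting it. The function names, the extension list and the sample archive are assumptions constructed for illustration; POSIX paths are assumed.

```python
import io
import os
import tempfile
import zipfile

# Assumption: extensions this web server would execute rather than serve as data.
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".asp", ".aspx"}


def audit_archive(zip_source, webroot):
    """Classify each archive entry against the web root without extracting it."""
    root = os.path.realpath(webroot)
    report = {"escapes": [], "overwrites": [], "new_scripts": [], "new_files": []}
    with zipfile.ZipFile(zip_source) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            # Resolve where a naive extractor would write this entry.
            target = os.path.realpath(os.path.join(root, name))
            if os.path.commonpath([root, target]) != root:
                report["escapes"].append(name)       # lands outside the web root
            elif os.path.exists(target):
                report["overwrites"].append(name)    # replaces a live file
            elif os.path.splitext(name)[1].lower() in SCRIPT_EXTS:
                report["new_scripts"].append(name)   # adds executable code
            else:
                report["new_files"].append(name)
    return report


def demo():
    """Constructed sample: a web root holding index.php and a four-entry archive."""
    with tempfile.TemporaryDirectory() as webroot:
        with open(os.path.join(webroot, "index.php"), "w") as fh:
            fh.write("<?php echo 'home';")
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for name in ("index.php", "img/logo.png", "inc/helper.php", "../outside.php"):
                zf.writestr(name, b"constructed sample content")
        buf.seek(0)
        return audit_archive(buf, webroot)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

For a site upgrade the "overwrites" list is expected to be non-empty; the report is useful because it shows exactly which live files and which new scripts an archive would touch before it is run.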