Website Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • August 30, 2015, 03:01:37 PM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: ZIP to PHP converter  (Read 19378 times)

scancode

  • Honorary Member
  • Joined in 2007
  • **
  • Posts: 637
  • I will eat Cody someday.
    • View Profile
    • Donate to Member
ZIP to PHP converter
« on: January 05, 2010, 04:17:43 AM »
This is a small application that converts a ZIP file into a self-extracting PHP file. Simply upload it to your webserver, call it once, then delete it.

zip2php.PNG


Requested by icekin on teh IRC channel.

housetier

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • gravatar avatar
  • Posts: 1,321
    • View Profile
    • Donate to Member
Re: ZIP to PHP converter
« Reply #1 on: January 05, 2010, 06:45:04 AM »
This is a very cool idea! Can it cope with tarballs (.tar or .tar.gz) as well?

gjehle

  • Member
  • Joined in 2006
  • **
  • Posts: 286
  • lonesome linux warrior
    • View Profile
    • Open Source Corner
    • Donate to Member
Re: ZIP to PHP converter
« Reply #2 on: January 05, 2010, 06:45:38 AM »
you, sir, are awesome.
this is simply ingenious.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 8,858
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Donate to Member
Re: ZIP to PHP converter
« Reply #3 on: January 05, 2010, 09:15:18 AM »
But what's the point?

Are there hosts which allow you to run PHP scripts but don't give FTP access? And don't allow .zip files from web-based upload forms? O_o
- carpe noctem

scancode

  • Honorary Member
  • Joined in 2007
  • **
  • Posts: 637
  • I will eat Cody someday.
    • View Profile
    • Donate to Member
Re: ZIP to PHP converter
« Reply #4 on: January 05, 2010, 10:01:40 AM »
This is a very cool idea! Can it cope with tarballs (.tar or .tar.gz) as well?

Not yet, mebbe I should add it.

you, sir, are awesome.
this is simply ingenious.

Thanks.

But what's the point?

Are there hosts which allow you to run PHP scripts but don't give FTP access? And don't allow .zip files from web-based upload forms? O_o

The problem is not uploading the zips, but unzipping them server-side.
Uploading a crapload of small files takes ages over FTP.
« Last Edit: January 05, 2010, 10:11:19 AM by scancode »

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 8,858
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Donate to Member
Re: ZIP to PHP converter
« Reply #5 on: January 05, 2010, 01:01:27 PM »
But what's the point?

Are there hosts which allow you to run PHP scripts but don't give FTP access? And don't allow .zip files from web-based upload forms? O_o

The problem is not uploading the zips, but unzipping them server-side.
Uploading a crapload of small files takes ages over FTP.
Ooooh, duh! - I thought self-extracting meant "generate .zip output". Facepalm, more coffee to me - this could be pretty darn useful when you don't have shell support :)
- carpe noctem

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 7,033
    • View Profile
    • Just for mouser.
    • Donate to Member
Re: ZIP to PHP converter
« Reply #6 on: January 05, 2010, 06:11:07 PM »
That looks pretty awesome!


Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 5,878
    • View Profile
    • www.StoicJoker.com
    • Donate to Member
Re: ZIP to PHP converter
« Reply #7 on: January 05, 2010, 06:24:09 PM »
Any chance that could be done with .asp also (e.g. zip2asp)?

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,565
    • View Profile
    • Donate to Member
Re: ZIP to PHP converter
« Reply #8 on: January 05, 2010, 07:35:39 PM »
Now I needed this a few weeks ago.  ;D
Maybe it could be useful on next Wordpress update... thank you!

 :Thmbsup:

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 7,033
    • View Profile
    • Just for mouser.
    • Donate to Member
Re: ZIP to PHP converter
« Reply #9 on: January 05, 2010, 08:41:39 PM »
Any chance you can do this with exe too? :P Just kidding.

Again, awesome utility here. :Thmbsup:


scancode

  • Honorary Member
  • Joined in 2007
  • **
  • Posts: 637
  • I will eat Cody someday.
    • View Profile
    • Donate to Member
Re: ZIP to PHP converter
« Reply #10 on: January 05, 2010, 08:59:41 PM »
Any chance you can do this with exe too? :P Just kidding.

Again, awesome utility here. :Thmbsup:

EXE: use your favourite archiver. WinRAR, WinZIP, WinACE, 7Zip all do SFXs
As soon as I get ASP to work there will be an ASP version (will prolly involve two files instead of one tho)

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 7,033
    • View Profile
    • Just for mouser.
    • Donate to Member
Re: ZIP to PHP converter
« Reply #11 on: January 05, 2010, 09:04:44 PM »
Any chance you can do this with exe too? :P Just kidding.

Again, awesome utility here. :Thmbsup:

EXE: use your favourite archiver. WinRAR, WinZIP, WinACE, 7Zip all do SFXs
As soon as I get ASP to work there will be an ASP version (will prolly involve two files instead of one tho)

Er.. What I meant was EXE2PHP. So I could execute an executable on a server via PHP. But like I said it was a joke. ;)


scancode

  • Honorary Member
  • Joined in 2007
  • **
  • Posts: 637
  • I will eat Cody someday.
    • View Profile
    • Donate to Member
Re: ZIP to PHP converter
« Reply #12 on: January 05, 2010, 09:10:20 PM »
Any chance you can do this with exe too? :P Just kidding.

Again, awesome utility here. :Thmbsup:

EXE: use your favourite archiver. WinRAR, WinZIP, WinACE, 7Zip all do SFXs
As soon as I get ASP to work there will be an ASP version (will prolly involve two files instead of one tho)

Er.. What I meant was EXE2PHP. So I could execute an executable on a server via PHP. But like I said it was a joke. ;)
Ever heard of system()?

VictorM

  • Participant
  • Joined in 2009
  • *
  • Posts: 16
    • View Profile
    • Successful failure
    • Donate to Member
Re: ZIP to PHP converter
« Reply #13 on: January 07, 2010, 05:22:59 AM »
afraid I can see how this can be used together with a successful injection attack to deploy on a single session. yet, very interesting.
When in doubt, use http://Google

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,565
    • View Profile
    • Donate to Member
Re: ZIP to PHP converter
« Reply #14 on: January 07, 2010, 05:33:24 AM »
Injecting files is not actually dangerous yet.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 8,858
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Donate to Member
Re: ZIP to PHP converter
« Reply #15 on: January 07, 2010, 09:51:23 AM »
Injecting files is not actually dangerous yet.
:huh: :huh: :huh:
- carpe noctem

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 5,878
    • View Profile
    • www.StoicJoker.com
    • Donate to Member
Re: ZIP to PHP converter
« Reply #16 on: January 07, 2010, 10:56:52 AM »
Injecting files is not actually dangerous yet.
:huh: :huh: :huh:
ROFL (I had same reaction)

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,565
    • View Profile
    • Donate to Member
Re: ZIP to PHP converter
« Reply #17 on: January 07, 2010, 12:57:02 PM »
Unpacking a ZIP file on the server does not automatically cause any danger. How?

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 5,878
    • View Profile
    • www.StoicJoker.com
    • Donate to Member
Re: ZIP to PHP converter
« Reply #18 on: January 07, 2010, 03:34:22 PM »
Unpacking a ZIP file on the server does not automatically cause any danger. How?
Kinda depends on what's in the file...

...Sure the server isn't in any danger (unless you count reputation) but the visitors..?

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,565
    • View Profile
    • Donate to Member
Re: ZIP to PHP converter
« Reply #19 on: January 07, 2010, 03:40:25 PM »
The visitors need a link to the file anyway. Where should that be?

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 5,878
    • View Profile
    • www.StoicJoker.com
    • Donate to Member
Re: ZIP to PHP converter
« Reply #20 on: January 07, 2010, 05:54:59 PM »
The visitors need a link to the file anyway. Where should that be?
You're kidding, right?

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,565
    • View Profile
    • Donate to Member
Re: ZIP to PHP converter
« Reply #21 on: January 07, 2010, 05:56:30 PM »
No, why?

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 8,858
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Donate to Member
Re: ZIP to PHP converter
« Reply #22 on: January 07, 2010, 06:04:19 PM »
The visitors need a link to the file anyway. Where should that be?
*facepalm*

If you have the possibility to inject a zippedfile.php on a server and then run it... what harm could you possibly do? Nobody would think of putting index.php in that sfx-zip, of course no... and certainly nobody would put a connect-back shell, would they? Definitely harmless :)
- carpe noctem

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,565
    • View Profile
    • Donate to Member
Re: ZIP to PHP converter
« Reply #23 on: January 07, 2010, 06:11:53 PM »
Depends. Does unzipping always overwrite files? It actually shouldn't. (So who cares about index.php?)

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 8,858
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Donate to Member
Re: ZIP to PHP converter
« Reply #24 on: January 07, 2010, 06:14:13 PM »
Depends. Does unzipping always overwrite files? It actually shouldn't.
For the intended use of this program (as I understand it: upgrading websites, especially pre-fab systems), it should.

(So who cares about index.php?)
Ask any website owner who has his site defaced :)
- carpe noctem