Author Topic: Help! php path encode (Read 5195 times)

Kuntau · « **on:** July 05, 2008, 06:01 AM »

Hi guys,

I just lurking around net and I found this website that use some php code to retrieve file for download. eg

http://www.somesite.com/members/_getFile.php?path=ZG93bmxvYWRzL3Bva2VyIHRleHQuemlw

What I can found is.. the code is up one level and go into downloads dir.. but I can't go directly in there.

Here is some error I got if I enter random parameter

Code: PHP [Select]

filesize(): Stat failed for ../downloads/Blabla (errno=2 - No such file or directory)

Is it possible to identify how he code the path? FYI, I know some files inside downloads dir so I can test.

Thanks.

mediaguycouk · « **Reply #1 on:** July 05, 2008, 10:27 AM »

1) The file is probably not on the public webserver so you are probably looking in the wrong place (most places have folder on the webserver, but not in the public_html part)
2) Unless you an inject some code you won't be able to list the contents of the directory
3) If you could you are obviously trying to hack into someone elses website, so I think you'll find us ethical people wouldn't help if we could

Kuntau · « **Reply #2 on:** July 05, 2008, 10:38 AM »

I do for the sake of learning

Problem solved anyway

Author Topic: Help! php path encode (Read 5195 times)

Kuntau

Help! php path encode

mediaguycouk

Re: Help! php path encode

Kuntau

Re: Help! php path encode