PHP getting the PHP file [closed]

Closed. This question is off-topic. It is not currently accepting answers.

---

开发者_Python百科

Want to improve this question? Update the question so it's on-topic for Stack Overflow.

Closed 12 years ago.

Improve this question

Is there any way to get the source file of PHP like you would for HTML file or javascript from web browser alone? If so how? If not why?

---

No, this is not possible. Server-side languages are meant to be interpreted and run before the output is sent to the browser.

---

Of course. But only if the web server is configured to return just the file and not interpret it first. Most web servers hosting PHP files aren't configured this way.

---

In order to read PHP source code on a remote server, the user needs to find and exploit a remote file disclosure vulnerability. These most often occur in the application its self and can be detected by using a web application vulnerability scanner like w3af.

MySQL based sql injection can be used to read files using the load_file() function as described here.

It is possilbe that the httpd can be vulnerable to a source code disclosure attack, such as this one in IIS.

---

Only if the web server happens to fail. Otherwise no, because all code is executed on server and only it's result are being send to browser.

---

There is a way to do this - but you have the web server needs to be setup to serve ".phps" as text/plain as I've done to demonstrate code examples from my web server. However, if you're trying to poach code from a website running php it's really not possible. Not from the web browser.

---

No, it would pose a massive security risk with MySQL passwords and other sensitive data.

---

<?printf($f='<?printf($f=%c%s%c,39,$f,39);?>',39,$f,39);?>

so, yes.