EvilZone
Hacking and Security => Hacking and Security => : yuco91 September 20, 2013, 02:52:17 PM
-
Hi guys !
I'm new on the forum. I state that I'm a very noob of hacking world so don't blame me for this question.
I'm developing a website in PHP and I wonder if there's a way to attack the server and try to read and "download" the full sources of my site. Maybe there are some tools for this, or is this practically impossible? If someone can do this, is there a way to protect the site against these kinds of attacks?
Thx in advance for your attention ;)
-
First go post a long intro (at least 500 words) in the introduction board.
-
Hint: HTTP verb tampering.
At least that's one way.
-
Hint: HTTP verb tampering.
At least that's one way.
thanks for this hint. I think this can be a good start point.
-
You should check you have disabled directory listing on your server. Although it shouldn't allow someone to read the source code, it makes it easy to map the web application and may expose some sensitive files.
-
PHP files cannot be viewed on the client side unless you put the PHP files in a directory listing for download. If PHP files are there to provide content, then the user will only see what content gets generated.
-
Great! I ask this question because I heard from a friend that some hackers can do this and leak all the source code from a website with the aim of blackmailing the original developers or reselling the code to other people.
-
Don't believe anything you hear.
-
But do believe the things you see.
-
But do believe the things you see.
(http://cdn.culturemass.com/wp-content/uploads/2013/06/I-want-to-believe-poster.jpg)
-
Great! I ask this question because I heard from a friend that some hackers can do this and leak all the source code from a website with the aim of blackmailing the original developers or reselling the code to other people.
Yes, but this won't happen to you with 10 visitors a year. Getting the source code would usually go through LFI, or a full path disclosure and the hacker finding a PHP file with a wrong extension like .php.bak, .php~ which are not in the MIME filetype list of PHP/Apache so they are parsed as plain text and shown to the user on request.