samgenius Posted August 13, 2011 Share Posted August 13, 2011 www.phptry.com I Have create a website for biggners to learn php online and excute their scripts. Visithttp://www.phptry.com Link to comment Share on other sites More sharing options...
Ingolme Posted August 13, 2011 Share Posted August 13, 2011 I tried it. Apparently, I'm able to read files and directories on your server.scandir() is working, and so is file_get_contents(). Though, fortunately, there are no write permissions on your server, but if you have any database connections, your MySQL password can be retrieved.Try this in your editor to see it: <?php eval('<?php $d = f' . 'ile_get_contents("./indexs.php"); ?>'); echo nl2br(htmlspecialchars($d));?> By the way, what's hte point of encoding in bas64 and decoding immediately after? $data = base64_encode($data);return eval(base64_decode($data)); Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.