
An online tool that embeds a vim editor into a web page to debug your PHP code. It also helps you practice vim online.
Website: phpio.net

<?php
// Press F11 to toggle full screen editing (Ctrl+⌘+F on Mac OS).
// Press Ctrl+Shift+F to format code.
echo 'Welcome to PHPIO.NET!';
4 Contributors · 11 Replies · 95 Views · 10 Months Discussion Span · Last Post by cereal
Nice attempt but seems to fall short of what http://phpfiddle.org/ offers. No VIM at the fiddle but it has SQL and more.
3

WARNING!!!

foreach (new DirectoryIterator('./') as $fileInfo) {
    if($fileInfo->isDot()) continue;
    echo $fileInfo->getFilename() . "<br>\n";
}

Just told me what is in your doc root. This is unsafe phpio. I bet I could read your password and get to your webroot. Get rid of this right now!!!!

Edited by diafol

I'll call you Diablo today.
0

@diafol

Actually it is possible and it is also possible to overwrite files or inject code into the RAM... honeypot? :D

Edited by cereal

0

@diafol
Thank you, it's under construction.
But I think it is impossible to access my webroot.

Hope you will tell me if you figure out something wrong.

1

@phpio

Hi,

test diafol's script and execute / and you get the system root; you can traverse the filesystem and you can arrive at the passwd file from there. Also, it's possible to:

  • download the script that executes the code
  • write to the parent directory through the error_log() function
  • execute SQLite and create a database directly in RAM

I suggest you stop this box and start from a new installation; set correct permissions, otherwise the system can be compromised.

Edited by cereal

1

Hi cereal. I did get into his webroot and managed to read files (spl fileinfo anyone?). I sent a PM to say as much. This is the problem with roll your own executors. There's always one class or module that you forget to protect against. It only takes one though.

0

@diafol
Could you please let me know how to prevent people from getting that information?

1

I think you've protected yourself by preventing access above docroot and stopping spl classes. I (almost) never use system or exec commands in my code so I couldn't give you an exact list of things to block. However I can usually spot a problem if I see one. I don't think it would be appropriate to discuss what you have and haven't done on an open forum if your site is still live; and I don't have the time to discuss via PM. Anybody else?

2

@phpio

Hi,
the source of __FILE__ (and the other files in the same path) can still be read with this line:

include "php://filter/convert.base64-encode/resource=index.php";

This is a variant of the LFI (Local File Inclusion attack) that uses php://filter and will return a base64 string that, converted, shows the source code. When the filesystem was accessible, reading the contents of files like /etc/passwd was simply a matter of writing the correct path.

More info about php:// @ http://php.net/manual/en/wrappers.php.php

Edited by cereal

You are a naughty boy cereal :D
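Added example, not code from phpio.net or from any poster in this thread: a fail-closed path check covering the two failure modes the thread describes, a php://filter wrapper smuggled into an include path and a request that resolves outside the document root. The scratch root directory and the sample requests are constructed for the demo, and it assumes PHP 8 (for str_contains()).

```php
<?php
// Added example (not phpio.net's code): fail-closed path check for the thread's two
// cases, a php://filter wrapper in an include path and a path resolving outside the
// document root. Assumption: $allowedRoot is the only directory users may load from.

function resolveWithinRoot(string $requested, string $allowedRoot): ?string
{
    // 1. Refuse any "scheme://" wrapper and NUL bytes before touching the filesystem.
    //    php://filter/convert.base64-encode/resource=index.php would otherwise pass
    //    a naive "is this a real file?" check and return the source as base64.
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $requested) || str_contains($requested, "\0")) {
        return null;
    }

    $root = realpath($allowedRoot);
    if ($root === false) {
        return null; // misconfigured root: fail closed rather than open
    }

    // 2. Canonicalise: realpath() collapses "..", "./" and symlinks, and returns
    //    false for paths that do not exist, so the prefix test below is meaningful.
    $candidate = realpath($root . DIRECTORY_SEPARATOR . ltrim($requested, '/\\'));
    if ($candidate === false || !is_file($candidate)) {
        return null; // directories (e.g. "/") are never includable
    }

    // 3. Require the canonical path to sit strictly inside the root. The trailing
    //    separator stops "/var/www-evil" from matching the prefix "/var/www".
    $rootPrefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($candidate, $rootPrefix, strlen($rootPrefix)) === 0 ? $candidate : null;
}

// Constructed demo: a scratch root holding one file, then the requests seen in the thread.
$root = sys_get_temp_dir() . '/phpio-demo-' . getmypid();
mkdir($root . '/sub', 0700, true);
file_put_contents($root . '/sub/index.php', "<?php echo 'ok';\n");

$requests = [
    'sub/index.php',                                           // legitimate: allowed
    'php://filter/convert.base64-encode/resource=index.php',   // wrapper: refused
    '/',                                                       // root listing: refused
    '../../etc/passwd',                                        // traversal: refused
];
foreach ($requests as $req) {
    $res = resolveWithinRoot($req, $root);
    printf("%-56s => %s\n", $req, $res === null ? 'REFUSED' : 'allowed: ' . $res);
}
unlink($root . '/sub/index.php');
rmdir($root . '/sub');
rmdir($root);
```

The check is an allow-list on the resolved location rather than a blocklist of dangerous classes or functions, which is the gap diafol's "one class or module that you forget" remark points at.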