Saturday, April 09, 2005
Grabbing script source files from a server
So, let's assume the site is run by PHP scripts. The browser makes the initial request, which is served by index.php. If you click the hyperlinks on that page (which point to more PHP files), the web server executes those scripts and sends you back their output. What happens if you append ".bak" to the name of a script file, assuming a backup copy of that file exists in the same directory? The web server sees a request for a file it is not configured to execute (it executes ".php" files, not ".php.bak" files) and serves the file as-is. What you get back is the actual script source.
This happens because of the carelessness of the site admin or programmer, who renames the old file to ".bak", ".old", ".php.1" or something similar before replacing the script and then never deletes the backup copy. This is not an easy trick to pull off, because one may have to try many filename and extension combinations before striking gold, and the site may not have backup copies at all. (But you would be surprised how many high-profile websites leave ".bak" files lying around.)
If you encrypt the ASP files on the server, downloading one becomes worthless because the contents cannot be read. The ASP file has to be decrypted by the server to execute it, grab the output and send it back to the browser.
Even if all the ASP pages are encrypted, if the sys-admin or programmer leaves the unencrypted versions on the filesystem (say, for debugging), it defeats the purpose of encrypting them in the first place.
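The fix on the admin's side is to make sure no such leftovers reach the document root. The following is an added example, not part of the original post: a small scanner that walks a web root and reports backup copies of scripts (the ".bak"/".old"/".php.1" cases above, and the leftover unencrypted ASP case). The script extensions and backup suffixes it knows about are assumptions; extend them to match your server. The sample listing is constructed for the demonstration.

```python
"""Report leftover backup copies of server-side scripts in a web root."""
import os
import posixpath
import re
from typing import Iterable, List, Tuple

# Extensions the server executes rather than serves verbatim (assumption).
SCRIPT_EXTS = (".php", ".asp", ".aspx", ".cgi", ".pl")
# Suffixes editors and admins typically leave behind (assumption; extend as needed).
BACKUP_RE = re.compile(r"(\.(bak|old|orig|save|swp|tmp|txt|copy)|~|\.\d+)$", re.I)

# Constructed sample listing (paths relative to the document root).
SAMPLE_LISTING = ["index.php", "index.php.bak", "admin/login.php",
                  "admin/login.old", "readme.txt", "img/logo.png", "notes.bak"]


def is_leftover(name: str) -> Tuple[bool, str]:
    """(True, script_name) if a backup suffix was appended to a script name."""
    m = BACKUP_RE.search(name)
    if not m:
        return False, ""
    base = name[: m.start()]
    return (True, base) if base.lower().endswith(SCRIPT_EXTS) else (False, "")


def find_leftovers(paths: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (leftover_path, script_path) pairs for a listing of relative paths."""
    paths = list(paths)
    scripts = {p for p in paths if p.lower().endswith(SCRIPT_EXTS)}
    found = []
    for p in paths:
        if p in scripts:
            continue
        d, name = posixpath.dirname(p), posixpath.basename(p)
        hit, base = is_leftover(name)          # "index.php.bak" -> index.php
        if hit:
            found.append((p, posixpath.join(d, base)))
            continue
        m = BACKUP_RE.search(name)             # "login.old" next to "login.php"
        if m:
            stem = posixpath.join(d, name[: m.start()])
            for ext in SCRIPT_EXTS:
                if stem + ext in scripts:
                    found.append((p, stem + ext))
                    break
    return found


def scan_docroot(root: str) -> List[Tuple[str, str]]:
    """Walk a real document root and report leftovers relative to it."""
    rel = [os.path.relpath(os.path.join(dp, f), root).replace(os.sep, "/")
           for dp, _, files in os.walk(root) for f in files]
    return find_leftovers(rel)


if __name__ == "__main__":
    import sys
    hits = scan_docroot(sys.argv[1]) if len(sys.argv) > 1 else find_leftovers(SAMPLE_LISTING)
    for leftover, script in hits:
        print(f"{leftover}  (copy of {script}) - delete or deny before deployment")
```

Run it against the web root as part of the deployment checklist; the same suffix pattern can also be turned into a deny rule in the web server configuration so that anything matching is refused rather than served as plain text.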
Copyright Anand Jain 2004, 2005. All rights