Hi there guys,

I've got someone that is trying to insert a php script as well as javascript into one of my community forums. They keep getting blocked, and so far haven't been able to do what they want, but I'm really curious to find out what they're trying to insert into my site.

I've tried wget, but permission is denied, so I'm wondering: Is there any way to find out what's in that php script or javascript file?

I can provide the URL, if needed, but due to the fact that it's beyond a shadow of a doubt a malicious script, I'm not going to post it publicly.

[EDIT]
For clarification:

I want to view the source, not the output(output is blank).

Since he is attempting to get my server to run the page, then I would think I'd be able to get the source without running it. I may be mistaken on this point though.
[/EDIT]

thanks,
json

    i would very. very much doubt it. Otherwise you could go around looking up people's usernames and passwords to connect to databases and so on, which would be pretty insecure.

    I very much doubt you can get a webserver to output the code that's running on it. I'd put a lot of money on it not being possible!

      Hi there John,

      Thanks very much for the reply.

      I thought the very same thing, but since he thought it would run by being called by my server, I thought there might be a way to retrieve it without parsing it.....

      It's why I don't make the big bucks 🙂

      thanks,
      json

        If he's trying to include a script from another website, then it'll have to be accessible from your server in order for it to even do anything...

          Write a Reply...