I show you a picture of some PB code and the debugged results from running it:
The GET request contains errors. If you place a "0" after Content-Length: it will work fine, however that's not what I'm concerned about. I was under the impression that there's no way for someone to read your php code because it gets sent to the php server for processing and all that shows in the page is html code and whatever your php script echoes. But here my host is showing my php code to the world! That's a matter of concern to me as I could have put an encryption key in there or some other private thing, thinking the world can't get at it. Am I wrong? Or does my host have a weakness here?
Looks like your missing the 404 error page. Correct this and I think it'll resolve php contents from being shown.
ʽʽSuccess is almost totally dependent upon drive and persistence. The extra energy required to make another effort or try another approach is the secret of winning.ʾʾ --Dennis Waitley
<html>
<head>
<title>404 Error - Document Not Found</title>
</head>
<body>
<h1>404 - Document Not Found</h1>
<p>
<blockquote>
The requested object or URL, <b><!--#echo var="REDIRECT_URL"--></b>
was not found on this server.<P>
The link you followed is either outdated, inaccurate, or the server has been
instructed not to let you have it.<P>
Please inform the administrator of the referring page,
<a href="<!--#echo var="HTTP_REFERER"-->"><!--#echo var="HTTP_REFERER"--></a>.
</blockquote>
</body>
</html>
Tested your example code. It didn't reveal the same experience.
.. Oops I've reproduced it.
Last edited by Thunder93 on Mon Dec 22, 2014 2:03 am, edited 1 time in total.
ʽʽSuccess is almost totally dependent upon drive and persistence. The extra energy required to make another effort or try another approach is the secret of winning.ʾʾ --Dennis Waitley
It's still showing the world my php code here. I did notice that out of 10 to 15 runs it would not show the code maybe once or twice. I tried editing the echo directives out of the 404 page in case it was grabbing the wrong thing but no luck.
ʽʽSuccess is almost totally dependent upon drive and persistence. The extra energy required to make another effort or try another approach is the secret of winning.ʾʾ --Dennis Waitley
ʽʽSuccess is almost totally dependent upon drive and persistence. The extra energy required to make another effort or try another approach is the secret of winning.ʾʾ --Dennis Waitley
Try temporarily disabling that 404 error page. I think something weird is coming from processing 404 error page.
ʽʽSuccess is almost totally dependent upon drive and persistence. The extra energy required to make another effort or try another approach is the secret of winning.ʾʾ --Dennis Waitley
I changed the php code to remove all the html, no change. I deleted the 404.shtml page, no change. I have a support ticket in at my host, I'm waiting to see what they have to say.
Good that you created a support ticket with your hosting service. Because that can be a big issue as you know.
I've repeatedly tested your code on another service hosting that file, and I can't reproduce the same experience.
ʽʽSuccess is almost totally dependent upon drive and persistence. The extra energy required to make another effort or try another approach is the secret of winning.ʾʾ --Dennis Waitley
Unfortunately I can still, even after the changes, confirm netmaestro's results and already received the php contents with space 41200.
Doing the same with hex0rs' address I also get the note about 'HTTP/1.0 413 Request Entity Too Large', wheras using '0' behind Content-Length it returns a 'HTTP/1.1 404 Not Found'.
Got it solved with the help of my host's tech support. The problem was that my .htaccess file didn't specify documents to show for client errors. So I made a generic error page with html and uploaded it, then I put an ErrorDocument line in .htaccess for every possible 400-series error and pointed to the generic page. Now it never dumps my php script.
A big thank you to all who helped and showed concern, it's appreciated
