Free online PHP tester

Hi, everyone.
I recommand you to check this website out: http://forumferney.free.fr/stester.html.
It's a dynamic website on which you can directly execute PHP scripts to test them (without uploading) and for free. You can even use the script on your own website! (by looking at the sourcecode you can call the php script from your website directly).

 

I just deleted stester.html


Good job on security.


EDIT:

After highlighting the code of your execute script, I figured it was even easier to bypass the security hole than I thought. Oh jeeze...


EDIT 2:

I just found your MySQL access details for mysql5.worldispnetwork.com.

This is exciting. Thanks for putting this up.

EDIT 3:

also found your MySQL details for the host you're using for this. You're too smart.


EDIT 4:

Wow, I just entered your PhpMyAdmin, and found your credit card number, lmao. It expires on 05/08.

Dude, seriously. Take this shit off.

EDIT 5:

I deleted stexecute.php as well now. Just for your good. You should be thankful...

 

HAha thats funny.

 

LOOOL

Thank'S GOD , nice swd is a nice guy

 

It's funny what ideas people have. What on earth would this be good for? I guess every serious coder has a local web server with PHP and tests the code there.

 

awesome.. well may be you can tell a thing or two about what he did wrong as I too may be doing something that stupid

 

I think by using :

highlight_file(__FILE__);

PHP:

, you can see the code source of a web page .

Then you can see the database file connection .

then access phpmyadmin ?

 

EDIT:

Well, he has a separate server for MySQL, with another subdomain. I just went there and it asked me for the login details. Which were in the highlighted file as well.


He had about 500 "or"s in his code which looked like this more or less:

if (strpos($code, 'fopen(') !== false || strpos($code, 'opendir(') !== false || strpos($code, 'readdir(') !== false [.......])

PHP:

I expected the code to be a little bit more secure and did this to bypass the function block:

$echo = 'opendir';
$echo2 = 'readdir';

$fp = $echo('.');

while (($file = $echo2($fp)) !== false)
{
    echo "$file<br />\n";
}

PHP:

From there could I see the files. glob() didn't work for some reason. Or now that I think of, maybe print_r() doesn't work with eval()... anyway. Now that I could read the dirs, I did just a highlight_file() on the files that seemed to be interesting and saw its contents.


I could have bypassed this even easier by putting a space between the function name and bracket.

$dir = opendir ('.');

PHP:

But I figured that out later after highlighting the execute file.

 

He put it back online, lol. I left him a note.

http://forumferney.free.fr/stester.html

 

man leave it next time , give me a chance to mess with it

 

Lol, I'm sorry. You still can with a local form. Point it to stexecute.php with a field name called "code".

 

I'm not sure if he read your post last time , now you will be sure that he read the message lol

LMAO

 

Lol, he's stupid enough for putting it up again after it "magically" disappeared. I hope he learns now. And if not, I'll continue messing it up until he gets it, lol.

 

You know , i dont even need a local form to mess with it loool

just use google cache and it will work ...


xxx
Cxxx
doxx
mexx
scriptxxxx.html
uxxxx.php
maxxx.html
jsxxxx

 

Hahaha, nice one. This is so much fun.

 

he disabled the highlight_file(); lol

Error: Some commands in this script are not allowed in ScriptTester. Click here for a list of unallowed commands.

 

See my post above to see how to bypass this.

http://forums.digitalpoint.com/showpost.php?p=2963065&postcount=8

 

i think he's a french guy , a lot of flash and files are in french .

i think we should leave him a french message also lol

 

Left him a french messsage looool , and a redirection to this thread after 10 seconds so we will be sure he read it

 

Hahahahah....co'mon people....he was just making some new friends (visitors). Stop being so mean....so what he might lose his cc for fraud ....?!!? )) hahah..this shit was strong...