0

I have used the cURL solution to solve XSS but there is an issue with it. My proxy.php file contents are:-

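    <?php
        // Remote page to fetch server-side on behalf of the browser
        $url = "http://www.yahoo.com";
        $ch = curl_init();
        $timeout = 5; // connection timeout in seconds
        curl_setopt($ch, CURLOPT_URL, $url);
        // Return the response as a string instead of printing it directly
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
        $file_contents = curl_exec($ch);
        curl_close($ch);
        echo $file_contents;
    ?>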

And this is how I am trying to execute the PHP script:

    $("#tempButton").click(function(){
        $("#pageContent").load('http://localhost:8080/proof/proxy.php',function() {
            var t = $("#pageContent").html();
            alert(t);
        });
    });

But variable t is showing the contents of the proxy.php file, while it is expected to show the contents of yahoo.com, which was set in the proxy.php file. Am I doing something silly? #FirstTimePHP

6
  • Drop localhost:8080 from localhost:8080/proof/proxy.php, it should be just '/proof/proxy.php'. Also, check firebug and/or chromium inspector for error details. Commented Apr 2, 2012 at 11:01
  • Try visiting your page directly (Just browse to proxy.php), or check the output of the request using Firebug's Net tab (or any equivalent tool) Commented Apr 2, 2012 at 11:01
  • 2
    You probably don't have PHP registered in your web server. If it is, you should never see the content of a php file which is put inside <?php ?> tags when accessing it from the web. Commented Apr 2, 2012 at 11:01
  • When I saw proxy.php from the web browser, it is actually showing me the contents of my PHP file and nothing else. It is acting like a text file, and I am using Tomcat Apache server now. Can you tell me how to check whether PHP is registered in my Tomcat or not? I guess this is the basic functionality of every web server. Commented Apr 2, 2012 at 11:04
  • @JoachimIsaksson has the correct answer, ensure your HTTP server serves PHP files correctly. Start with a simple Hello World. Commented Apr 2, 2012 at 11:06

2 Answers

1

As variable t is showing the content of the file, the server software must not be recognising the script as PHP.

There are several reasons that this may happen. Not having opening tags would be 1 but you of course have these.

Another potential reason is that php has not been loaded as a module in the server software.

Another potential reason is that the server does not parse files with the extension of php (this is configurable).

You should start from basics. Ignore the javascript, instead call the url manually and see what you get. The chances are you will see the code.

If this does happen ensure that server software (usually apache) is set to recognise the extension php is associated with the php module. Lastly ensure that PHP is actually properly installed.
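
The manual check described in this answer can be scripted. The following is an added example, not part of the original answer: it classifies a saved response by whether PHP source reached the client instead of script output. The function names, result labels and sample responses are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Save a response first, e.g.:
#   curl -si http://localhost:8080/proof/proxy.php > resp.txt
# then classify it. Function names and labels are hypothetical.

classify_php_response() {
    # $1: file holding status line, headers, a blank line, then the body
    body=$(tr -d '\r' < "$1" | sed '1,/^$/d')
    if [ -z "$body" ]; then
        # Nothing to judge: e.g. curl_exec() returned false and echo printed ""
        echo "inconclusive"
    elif printf '%s\n' "$body" | grep -Eq '<\?(php|=)'; then
        # A PHP open tag reached the client: the file was served, not executed
        echo "source-disclosed"
    else
        echo "no-source-in-body"
    fi
}

# Constructed sample responses (not captured from a real server)
make_samples() {
    printf 'HTTP/1.1 200 OK\r\n\r\n<?php\n    $url = "http://www.yahoo.com";\n    $ch = curl_init();\n?>\n' > "$1/raw.txt"
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html><title>Yahoo</title></html>\n' > "$1/ok.txt"
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n' > "$1/empty.txt"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for name in raw ok empty; do
    printf '%s: %s\n' "$name" "$(classify_php_response "$tmp/$name.txt")"
done
rm -rf "$tmp"
```

A fetched page that itself quotes an unescaped `<?php` tag would also be flagged, so confirm a hit by reading the saved response.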


1 Comment

Thank you Peter and JoachimIsaksson. Your answers make sense and are helpful. Actually, my server is not recognizing PHP files and I am dealing with it.
1

Make your proxy.php like this.

    <?php
        if (in_array('curl', get_loaded_extensions())) {
            $url = "http://www.yahoo.com";
            $ch = curl_init();
            $timeout = 5;
            curl_setopt($ch, CURLOPT_URL, $url);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
            curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
            $file_contents = curl_exec($ch);
            curl_close($ch);
            echo $file_contents;
        } else {
            echo 'No cUrl here';
        }
    ?>

2 Comments

Although good practice this will not help with the op's issue. As stated in the question the code of the php script is being output. Checking if curl is installed will just mean more code is output instead.
I think we can't check something like is_php_installed()!!
