-1

I was testing this PHP script in my Kali box, but for some reason it keeps failing, and I have seen the reason is the ">" character

<?php
foreach ($_POST as $key => $value)
{
    echo "Field ".htmlspecialchars($key)." is ".htmlspecialchars($value)."<br>";
}?>

The result from sending a POST request to this script is: this

Every time I write any ">" character (even comented) the php script terminates as if the character ">" was a close tag like "?>"

I don't know what's going on, I wrote the full application in a Debian 8 box, and it works perfectly fine; I have reinstalled php and apache in Kali but I can't make it work in there, Currently I am running PHP 7.0.10-1 (cli) ( NTS ), any insight will be greatly appreciated.

EDIT: The source code of the resultant page is: this

EDIT: None of the solutions in this post works, the problem is different.

Community
  • 1
  • 1
Francisco Diaz
  • 1
  • 1
  • 2
    Sounds more like php isn't running. What is the output of `php -v`? Your php is valid enough (though I don't like where your curly brackets are, because I'm a formatting snob). Can you copy/paste the source response? Probably with ctrl+u, depending on your browser. – Blake Sep 01 '16 at 22:01
  • Browsers don't use the PHP CLI SAPI, so yeah, what @Blake said. – Jonnix Sep 01 '16 at 22:03
  • View source in browser. Can you see all the code? – Progrock Sep 01 '16 at 22:03
  • Thank you all, my php -v is: root@kali:/var/www/html# php -v PHP 7.0.10-1 (cli) ( NTS ) Copyright (c) 1997-2016 The PHP Group Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies – Francisco Diaz Sep 01 '16 at 22:12
  • Yep, it's working for CLI, but nothing else. Definitely your PHP install. – Blake Sep 01 '16 at 22:27
  • it almost as if it's detecting `=>` like `=[string]?>` as a [php short tags](http://php.net/manual/en/ini.core.php#ini.short-open-tag) but then that means it's assuming that there is a `?` in between – Memor-X Sep 01 '16 at 22:29
  • 1
    No, the browser is trying to interpret it like some messed up html tag.. `` as the end tag. Really messed up xml tag, essentially @Memor-X – Blake Sep 01 '16 at 22:48
  • The problem is that every > character is recognized as a close tag. Thank you for you help. I will look forward to reinstall php. – Francisco Diaz Sep 01 '16 at 22:58
  • Possible duplicate of [PHP code is not being executed, instead code shows on the page](https://stackoverflow.com/questions/5121495/php-code-is-not-being-executed-instead-code-shows-on-the-page) – user3942918 Aug 20 '17 at 05:23

1 Answers1

1

Your web server isn't parsing PHP documents correctly; it's just shooting out the code as if it were plain HTML and not interpreting it.

See http://php.net/manual/en/install.php, but if you are using a Linux distro, there may be shortcut instructions that make it simpler (under Ubuntu, for example, there are shortcuts in https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-on-ubuntu-12-04). IOW, if you're using a Linux distro, search for "php $distroname" to get simplified instructions.

For what it's worth, my PHP interpreter didn't barf on your code; you appear to be syntactically OK.

BJ Black
  • 2,483
  • 9
  • 15
  • Oh, and try something like the following to test: This is about the simplest (and most useful) test there is. – BJ Black Sep 01 '16 at 22:04
  • Ty BJ Black, but Even fails, it return a blank page. I'm thinking the problem is my php installation. – Francisco Diaz Sep 01 '16 at 22:12
  • Yeah, if you were to "view source" within your web browser, you'd see your PHP code (which should never happen). phpinfo() is a super-helpful test of your server config; it either displays empty (if borked) or a bunch of server info (if not borked). Good luck! – BJ Black Sep 01 '16 at 22:15