Just casual paranoia. Let’s say we have an index.php: <?php exit(‘Forbidden!’); ?> <!DOCTYPE html

Question

0

Asked: May 26, 20262026-05-26T04:27:00+00:00 2026-05-26T04:27:00+00:00

Just casual paranoia. Let’s say we have an index.php: <?php exit(‘Forbidden!’); ?> <!DOCTYPE html

0

Just casual paranoia. Let’s say we have an index.php:

<?php
  exit('Forbidden!');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"> 
<html>
  <title>Can you see me?</title>
  <script language="javascript" type="text/javascript">
    alert("Welcome!");
  </script>
  <p>You got me.</p>
</html>

Can an external user somehow reach the “Welcome!” message? And why yes/not?

Any means are valid (e.g. viewing the source code for the page).

Thank you in advance!

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-26T04:27:01+00:00

Editorial Team

2026-05-26T04:27:01+00:00Added an answer on May 26, 2026 at 4:27 am

The only way the PHP code could be skipped here is if the web server was misconfigured, and failed to handle a .php file by passing it to the PHP interpreter. Instead it would be output as HTML, and the code would be visible by viewing the page source.

As long as the file is handled as a PHP script and the PHP code gets parsed, it will execute correctly. There’s no means of circumventing exit().

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Just casual paranoia. Let’s say we have an index.php: <?php exit(‘Forbidden!’); ?> <!DOCTYPE html

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply