
I'm trying to use a directory traversal attack against a website


I'm trying to pen test a website. I managed to browse the website's directories, including the DB config and .php files, but whenever I open any .php file nothing shows, like an empty file, and every .php file on the website acts the same. I can't figure out why.


Solution

  • Maybe you can read the source of the PHP files using a tactic similar to this:

    language= php://filter/read=convert.base64-encode/resource=/etc/passwd

    Suppose language is the vulnerable parameter and you try to read the /etc/passwd file. It returns a base64 value, which you should decode. You can see the content of any file this way.
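
For whoever maintains the site, requests like the one in the answer show up in the web server's access log. The following added example (not part of the original answer) scans log lines for `php://filter` reads in query parameters and reports the parameter, filter chain and requested file; the log lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines for illustration (not from the original post).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?language=en HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "GET /index.php?language=php://filter/read=convert.base64-encode/resource=/etc/passwd HTTP/1.1" 200 2488
203.0.113.9 - - [10/Oct/2023:13:56:02 +0000] "GET /index.php?language=PHP%3A%2F%2Ffilter%2Fconvert.base64-encode%2Fresource%3Dconfig.php HTTP/1.1" 200 912
203.0.113.9 - - [10/Oct/2023:13:56:10 +0000] "GET /docs/php-filter-guide.html HTTP/1.1" 200 3301
"""

# Client address and request target from a common/combined log format line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# php://filter/<filter chain>/resource=<file>, matched case-insensitively.
WRAPPER_RE = re.compile(
    r"php://filter/(?P<chain>.*?)/?resource=(?P<resource>[^&\s]+)", re.I)


def normalize(value, max_rounds=3):
    """Percent-decode until stable (bounded), since logs keep the raw encoding."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_filter_reads(log_text):
    """Return one record per query parameter that carries a php://filter read."""
    hits = []
    for line in log_text.splitlines():
        request = REQUEST_RE.match(line)
        if not request:
            continue
        client, target = request.groups()
        _, _, query = target.partition("?")
        for pair in query.split("&"):
            name, _, raw_value = pair.partition("=")
            wrapper = WRAPPER_RE.search(normalize(raw_value))
            if wrapper:
                hits.append({"client": client, "param": name,
                             "chain": wrapper["chain"],
                             "resource": wrapper["resource"]})
    return hits


if __name__ == "__main__":
    for hit in find_filter_reads(SAMPLE_LOG):
        print(hit)
```

A hit names the parameter that reaches a file-handling call, which is where a fixed allow-list of permitted values belongs.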