Linux AD - Keyring, Keytab, CCACHE

Swissky
2019-11-25 23:12:06 +01:00
parent 886a0b9426
commit 3abaa3e23d
4 changed files with 97 additions and 34 deletions


@@ -272,9 +272,14 @@ print('[x] Something went wrong, please try again')
## LFI to RCE via phpinfo()
https://www.insomniasec.com/downloads/publications/LFI%20With%20PHPInfo%20Assistance.pdf
PHPinfo() displays the content of any variables such as **$_GET**, **$_POST** and **$_FILES**.
> By making multiple upload posts to the PHPInfo script, and carefully controlling the reads, it is possible to retrieve the name of the temporary file and make a request to the LFI script specifying the temporary file name.
Use the script phpInfoLFI.py (also available at https://www.insomniasec.com/downloads/publications/phpinfolfi.py)
Research from https://www.insomniasec.com/downloads/publications/LFI%20With%20PHPInfo%20Assistance.pdf
## LFI to RCE via controlled log file
Just append your PHP code into the log file by doing a request to the service (Apache, SSH..) and include the log file.
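Review bot: the Insomnia Security paper URL appears twice in the "LFI to RCE via phpinfo()" section, once as a bare line directly under the heading and once in the "Research from" line. If both end up in the resulting file, keep only the attributed "Research from" line, preferably as a markdown link instead of a bare URL. The script is written as phpInfoLFI.py in the text while the linked file is phpinfolfi.py, so the casing should be made consistent so readers can find the right file. The quoted paragraph has no attribution next to it, so consider moving the "Research from" line directly below the quote. Finally, the commit is titled "Linux AD - Keyring, Keytab, CCACHE" and this hunk does not touch that topic, so the LFI edits would be easier to track in a separate commit.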