Hi, somebody can help me with information for resolve the question about LFI to Remote Code Excecution (RCE) for use LFI to RCE vulnerability and run command of OS and execute uname -a, i try use the webshell with the coockies with <?php system [$GET('cmd')]?> and in the url language=/var/lib/php/session/sess_uqwu8787bjsasjb&cmd=id this work and appearme the id of the system but i try put whoami or hostname but dont appearme the answer. Please help me.

try use %20 instead of ‘space’ in your command

Hi, i use Burp and here i use repeater tag and i make this probe:

Spoiler Removed

Spoiler Removed

And “Response” appearme uid=33(www-data) gid=33(www-data) groups=33(www-data),4(adm)
This is right

Spoiler Removed

Sorry i put all my steps in comments cause the system not allow me paste all the code, can tell me how can excecute a OS command whoami or hostname or uname

can someone tell me if they have any documentation or links for this issue.

Hi, if somebody have the same problem, first extract the coockie session, late us execute the php with system parameter with cmd; in other browser tab execute with the cockie session with cmd and the command OS. If we want to execute another command we will update the plague with executing php and we will execute the command os.