First off, newer hacker here. I have a decent amount of experience at this point, but there are just so many topics to cover that there are definitely a lot of holes. I recently stumbled on this problem, and I’m having trouble understanding why it doesn’t work.
So I was on a page that read back user input, and it was easy to see there was XSS with <script>alert(0)</script>, but that's obviously not super helpful. I noticed the page was a .php page, however, so I thought maybe if I instead used the tags and injected some PHP code, I could maybe get it to execute the code for me. I figured I’d try just a simple payload first, with
<?php echo "<pre>" . shell_exec($_GET["cmd"]) . "</pre>"; ?>