PHP - samuel-richardson/Sam-Tech-Journal GitHub Wiki

PHP

Vulnerable Configs

allow_url_include allows remote file inclusion.

Vulnerable PHP

Unchecked paths in php allow for local file inclusion.
Remote file inclusion can be used to run PHP.

<?php
$output = shell_exec('id');
echo "<pre>$output</pre>";
?>

PHP Servers

PHP -S <ip> -C <php.ini> Providing an ini file is optional but can be used to create a vulnerable php application.

⚠️ GitHub.com Fallback ⚠️