RCE with PHP Web Shell – Digitalmunition





This topic contains 1 reply, has 2 voices, and was last updated by  iamnemo___ 1 month ago.

  • #321015

    anonymous
    Participant

    Hey everyone,

    I have managed to upload a php webshell to a php server but the uploaded files are accessible using their database uuid.
    What I mean is something like:

    ```
    https://server.com/uploads/<some-uuid>/raw
    ```
    So there’s no actual extension. I was wondering if it was possible to execute the php script given this url (in this case by passing `cmd=<command-here>`).

    I have two options: `raw` returns the script in raw format (I can see the code) and `preview` gives a weird preview in image format (filename in a png).

    I have tried dropping a `htaccess` file where I tried to execute images as php but nothing happened.

    Any suggestions? Thanks

  • #321016

    iamnemo___

    What’s the png? Does it take the file and transform it to a png? Or does it render the page then convert it to a png?
