Hi, can somebody help me with information to resolve the question about LFI to Remote Code Execution (RCE), which asks to use the LFI to RCE vulnerability to run an OS command and execute uname -a? I tried using the webshell with the cookies, with <?php system [$GET('cmd')]?>, and in the URL language=/var/lib/php/session/sess_uqwu8787bjsasjb&cmd=id. This works and shows me the id of the system, but when I try whoami or hostname the answer doesn't appear. Please help me.
Try using %20 instead of a ‘space’ in your command.
Hi, I use Burp, and there I use the Repeater tab and I ran this test:
Spoiler Removed
Spoiler Removed
And the “Response” shows me uid=33(www-data) gid=33(www-data) groups=33(www-data),4(adm)
This is right
Spoiler Removed
Sorry, I put all my steps in comments because the system does not allow me to paste all the code. Can you tell me how I can execute an OS command: whoami, hostname or uname?
Can someone tell me if they have any documentation or links for this issue?
[Solved]
Hi, if somebody has the same problem: first extract the session cookie, then execute the PHP with the system parameter with cmd; in another browser tab, execute with the session cookie with cmd and the OS command. If we want to execute another command, we will update the plague with executing php and we will execute the OS command.
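
Seen from the defending side, the requests discussed in this thread stand out in a web access log. The following is an added example, not part of any post above: a Python check that flags requests whose `language` parameter carries an absolute path, a traversal sequence or a PHP session file, including double-encoded forms. The log lines, function names and session IDs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

INCLUDE_PARAM = "language"  # parameter name taken from the thread
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# PHP's default file session handler names its files sess_<id>.
SESSION_FILE_RE = re.compile(r"(?:^|/)sess_[A-Za-z0-9,-]+$")

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %252f -> %2f -> /)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return the reasons a log line looks like a file-inclusion attempt."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    reasons = []
    query = urlsplit(match.group(1)).query
    for name, raw in parse_qsl(query, keep_blank_values=True):
        if name != INCLUDE_PARAM:
            continue
        value = fully_decode(raw).replace("\\", "/")
        if value.startswith("/"):
            reasons.append("absolute-path")
        if ".." in value.split("/"):
            reasons.append("path-traversal")
        if SESSION_FILE_RE.search(value):
            reasons.append("session-file-include")
    return reasons

# Constructed sample lines, not taken from any real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?language=en.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php?language=/var/lib/php/session/sess_abc123&cmd=id HTTP/1.1" 200 312',
    '203.0.113.7 - - [10/Oct/2023:13:56:09 +0000] "GET /index.php?language=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1800',
    '203.0.113.7 - - [10/Oct/2023:13:56:20 +0000] "GET /index.php?language=%252fvar%252flib%252fphp%252fsession%252fsess_abc123 HTTP/1.1" 200 90',
]

def scan(lines):
    """Return (line index, reasons) for every suspicious line."""
    return [(i, classify(l)) for i, l in enumerate(lines) if classify(l)]

if __name__ == "__main__":
    for index, reasons in scan(SAMPLE_LOG):
        print(index, reasons)
```

A log-side check like this complements, and does not replace, restricting the include parameter to an allowlist of known language files in the application itself.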