Previse
Previse
Thursday, 25 November, 2021 9:40 PM
Maybe there is other php files ?
Get the response at burp
Forward the request until the response appear
Then change 302 to 200 and forward it
Then , on browser we will see the the adding user page
We might ask server for shell >:D
Forward it and we get a shell !
Command has no absolute path !
System will find "gzip" executable using the environment which by default is at usr/bin ":" means or
We can change the environment to export PATH=/dev/shm:$PATH so that
The system will start search at /dev/shm for our created "gzip" executable and run it
Last updated