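Now let's see whether including a remote file can get us a shell.
Locally I started an HTTP server with python3 -m http.server and put a shell.txt in it.
But after several inclusion attempts the page did not respond, and the log showed no requests from the target machine. It looks like this won't work.
So the only option is to include /etc/shadow and crack the passwords.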
An attacker might include local or remote PHP files or read non-PHP files with this vulnerability. User tainted data is used when creating the file name that will be included into the current file. PHP code in this file will be evaluated, non-PHP code will be embedded to the output. This vulnerability can lead to full server compromise.
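The fix for the pattern described above, as an added example (not code from the target application or from this write-up): the request value is only ever used as a key into a fixed allowlist, never as part of a file name. The `page` parameter, the `pages` directory and the file names are assumptions made for illustration.

```php
<?php
// Added example; parameter name, directory and file names are hypothetical.
// Vulnerable pattern from the description (shown as a comment, do not deploy):
//     include $_GET['page'];   // request data becomes the included file name

// php.ini: allow_url_include is Off by default; keep it Off.

// Hypothetical layout: templates live in ./pages next to this script.
const PAGE_DIR = __DIR__ . '/pages';

// Allowlist: request value => file name chosen by the developer.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Map a request value to an absolute path inside PAGE_DIR, or null.
 */
function resolve_page($requested): ?string
{
    // Anything that is not an exact allowlist key is rejected here:
    // URLs, stream wrappers, ../ sequences, absolute paths such as /etc/shadow.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . PAGES[$requested]);
    // Defence in depth: the resolved file must exist and stay under PAGE_DIR
    // (catches a symlink planted inside the template directory).
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$target = resolve_page($_GET['page'] ?? 'home');
if ($target === null) {
    http_response_code(404);
    exit('Not found');
}
include $target;
```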