1 writeup tagged with CHM
PHP RFI via language parameter loads SMB share for RCE. Lateral movement via credential in web config. CHM file drops reverse shell as Administrator.
