4 writeups tagged with PHP
b2evolution blog CMS on Ubuntu. Authenticated file manager abuse and PHP filter injection lead to remote code execution.
Custom PHP forum on Fedora Linux with MariaDB. SQL injection bypasses authentication, leading to file write and shell upload.
FTP anonymous login exposes web application files. Abused file write via FTP to upload a PHP webshell for initial access.
PHP file upload bypass with double extension and MIME spoofing. Cron-executed user script for lateral movement, ifcfg privesc to root.