LFI2RCE via Segmentation Fault
Last updated
Last updated
Learn & practice AWS Hacking: Learn & practice GCP Hacking:
According to the writeups (second part) and , the following payloads caused a segmentation fault in PHP:
You should know that if you send a POST request containing a file, PHP will create a temporary file in /tmp/php<something>
with the contents of that file. This file will be automatically deleted once the request was processed.
If you find a LFI and you manage to trigger a segmentation fault in PHP, the temporary file will never be deleted. Therefore, you can search for it with the LFI vulnerability until you find it and execute arbitrary code.
You can use the docker image for testing.
Learn & practice AWS Hacking: Learn & practice GCP Hacking:
Check the !
Join the 💬 or the or follow us on Twitter 🐦 .
Share hacking tricks by submitting PRs to the and github repos.