Exploiting unlinked content using DirBuster, PHP Include() and getting Remote Command Execution (RCE)

This is a real-world example: using DirBuster, we discovered an unlinked file named sugar.php. Requesting the “sugar.php” resource returned the PHP error message “<b>Error</b>: include(): Filename cannot be empty in”. The valid parameter name “display=” was found using a custom parameter brute-forcing script. The …