Which of the following would retrieve the contents of the passwd file?

A web server is running PHP, and a penetration tester is using LFI to execute commands by passing parameters through the URL. This is possible because server logs were poisoned to execute the PHP system ( ) function .

Which of the following would retrieve the contents of the passwd file?
A . ”&CMD_cat /etc/passwd–&id-34”
B . ”&CMD=cat / etc/passwd%&id= 34”
C . ”&CMD=cat ../../../../etc/passwd7id=34′
D . ”&system(CMD) ”cat /etc/passed&id=34”

View Answer

Answer: A