From 7e1ac22fa0ac4aa63f4d87f89dbb36236f74c275 Mon Sep 17 00:00:00 2001
From: Andrea Cardaci <cyrus.and@gmail.com>
Date: Sun, 11 Apr 2021 12:11:44 +0200
Subject: [PATCH] Polish and simplify php file-read/write

---
 _gtfobins/php.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/_gtfobins/php.md b/_gtfobins/php.md
index f494b3e..8ad4360 100644
--- a/_gtfobins/php.md
+++ b/_gtfobins/php.md
@@ -51,11 +51,12 @@ functions:
         CMD="/bin/sh"
         ./php -r "posix_setuid(0); system('$CMD');"
   file-read:
-    - description: read file and output it on screen.
-      code: |
-        php -r 'readfile("/etc/passwd");'
+    - code: |
+        export LFILE=file_to_read
+        php -r 'readfile(getenv("LFILE"));'
   file-write:
     - description: write data to a file, filename should be absolute.
       code: |
-        php -r '$write = fopen("/home/FILE-TO-WRITE.txt", "w");$input = "  DATA TO WRITE (Plzsub)  ";fwrite($write, $input);fclose($write);'
+        export LFILE=file_to_write
+        php -r 'file_put_contents(getenv("LFILE"), "DATA");'
 ---