PHP
Interactive Mode
Dump variable
Abuse display_errors=on to leak web root directory
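A good example of how to leverage the display_errors misconfiguration is sending a GET request with arrays injected as parameters. This technique, known as Parameter Pollution or Parameter Tampering, relies on the fact that most back-end code does not expect arrays as input data. When a string function receives an array, PHP raises a type error, and with display_errors on the message is printed in the response together with the absolute path of the failing script.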
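A defensive counterpart to the behaviour described above, as an added example that is not from the original page: it keeps error details out of the response and rejects array-valued parameters before they reach a string function. The helper name string_param and the sample query strings are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Production error settings (same effect as display_errors=Off and
// log_errors=On in php.ini): details go to the log, not the response.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Last line of defence: an uncaught error yields a generic 500, so the
// file path in its message never reaches the client.
set_exception_handler(function (Throwable $e): void {
    error_log(get_class($e) . ': ' . $e->getMessage());
    http_response_code(500);
    echo "Internal error\n";
});

/**
 * Hypothetical helper (not from the original page): return a query
 * parameter only when it is a plain string of sane length.
 * PHP parses ?q[]=x into an array; handing that to a string function is
 * what produces the path-bearing warning or TypeError.
 */
function string_param(array $query, string $name, int $maxLen = 256): ?string
{
    $value = $query[$name] ?? null;
    return (is_string($value) && strlen($value) <= $maxLen) ? $value : null;
}

// Constructed query strings, parsed the same way PHP fills $_GET.
$samples = ['q=shoes', 'q[]=shoes', 'q[a][b]=1', 'other=1'];

foreach ($samples as $raw) {
    parse_str($raw, $query);
    $q = string_param($query, 'q');
    if ($q === null) {
        // In a web handler: http_response_code(400) and a generic body.
        echo "$raw => rejected\n";
        continue;
    }
    echo "$raw => accepted: " . htmlspecialchars($q, ENT_QUOTES, 'UTF-8') . "\n";
}
```

Only the first sample is accepted; the two array forms and the missing parameter are rejected without any PHP error being raised.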
Dump PHP Variables
- Create a new file, dump.php
- Curl the output of that file
PHP Debugging
PHP
XDebug and VS Code Remote Debugging
- Learn How to Debug PHP with Xdebug and VsCode
- How to install Xdebug and use it in PHP on Ubuntu?