page=php://input, payload must be in the POST Body (but the request is GET), e.g.
<?php echo system('whoami');?>, this is also possible for
page=../../../../../proc/self/environ, if this is accessible we can set the user agent to php code in
<?php .. ?>and get it executed, this can also be done for
/proc/self/id/<id>and the referrer field (bruteforce the id)