LFI to RCE via access_log injection

on

Hi guys

Just wanna share a trick from Local File Inclusion/File Path Traversal to Remote Code Execution by injecting the access_log.

I have a target http://proqualitycontrol.com/index.php?page=aboutus and it’s vulnerable to LFI/FPT. It’s a live website. Inject the target with ../../../../../../../../../../../../../../../etc/passwd%00 payload.

Now change with /etc/httpd/conf/httpd.conf. Not all httpd.conf path is here. To find the access_log location you need to find httpd.conf first.

View source (ctrl+u) for a better view of their httpd.conf.

Open the file called access_log. In this case /home/pro_99/proqualitycontrol.com/access_log.

My friend @paceander coded this perl script to inject the access_log. You can download it here

Run it “perl log.pl <target> 80

Open the access_log again and search for v0pcr3w. If the word is there then we’ve successfully injected the access_log.

Now run this line to execute command on server /home/pro_99/proqualitycontrol.com/access_log%00&cmd=id and you’ll see the “id” command executed.

Our command executed successfully GET /v0pcr3w uid=48(apache) gid=48(apache) groups=48(apache),500(webadmin).

Note: The web administrator has been notified about this vulnerability.

Thats all guys, happy hacking!

 
This also written om my other blog here.

Comments

Jean Philippe said…
Thanks for the update. I really appreciate the efforts you have made for this blog.
All the best !!!


Botulinum Toxin
August 9, 2021 at 4:39 PM
MyAssignmentHelp.co.uk said…
I really like your blog its really informative. Keep sharing these kind of blogs. MyAssignmentHelp.co.uk has proved to be one of the consummate providers in the industry of economics homework help. We provide student essay writing with assignment writing covering almost all existing areas of study ranging from management, arts, mathematics, physics, to nursing as well. Our services rest on two basic principles being quality and authenticity and as soon as you deliver your request; our assignment experts will guide you with a solution within the provided deadlines.
March 9, 2022 at 6:45 PM
Online E Learning Classes said…
this research information is good & detailed.
bridal makeup masterclass
May 20, 2022 at 5:49 PM
EricFord said…
Such a good post from a learning perspective I suggested my friends must visit here one to learn something new, Now it's time to avail generator installation for more information.
September 7, 2022 at 6:02 PM
EricFord said…
This is a good platform for learning many things as a developer, the code is good and easy to understand which makes it attractive, now it's time to avail african gowns for ladies for more information.
September 8, 2022 at 1:09 PM
John Hardy said…
A very good article. I really like it. This article is very helpful for developers. And very interesting. Thanks for sharing this article and great information. Now it's time to avail african gowns for ladies for more information.

September 23, 2022 at 12:40 PM
Best Services said…
Thanks for sharing your great article on this hardware. It was very helpful for me in my project. Now it's time to avail Workwear Trousers for more information.
September 23, 2022 at 1:53 PM
Slade Wilson said…

really your blog is also good and great which I want to read you provide good news about this topic when I also need information about education I have to visit types of formal report service. if I need important news so I have to go to visit this service
September 26, 2022 at 5:09 PM
james said…
Ohhhh Interesting thanks for sharing Good trick with us. Now its time to avail dry van dispatch servicesfor more details.
September 27, 2022 at 2:16 PM
Best Services said…
I'm really thank ful for your kind act. Your article resolve my issue in my project. I have no words how I thank to you. Now it's time to avail Hi Vis Hoodie for more information.
September 27, 2022 at 6:09 PM
julia said…
I really appreciate your blog. This article is about a local file. This is kind information for me. Keep sharing your content. Now it's time to get services shutters in birmingham for more information.
September 28, 2022 at 12:26 PM
John Hardy said…
I really love your good work in this article. You done very nice work in this article. Keep posting are going to be expecting your next blog. Now it's time to avail limo service west palm beach for more information.
November 23, 2022 at 6:46 PM
Tim Steve said…
You did great work on this blog. Nicely worked. It's very helpful for me and also your readers. I am really impressed trick you shared in this blog. Now it's time to avail Hayatte Luxury Services for more information.
February 24, 2023 at 1:34 PM
Ava James said…
This is such an interesting shortcut. I am very glad to know that. Thanks for sharing this update with us. Keep sharing more articles with us. Now its time to avail Limo service West Palm Beach for more information.
May 30, 2023 at 3:09 PM
Sophia Daniel said…
This is an outstanding shortcut key. It becomes very easy to work with shortcut. I am very thank ful for this article. This resolve many problems. Now its time to avail Limo service West Palm Beach for more information.
May 30, 2023 at 5:43 PM
Alex petter said…
This is kind information for me. I am very glad to know that. Such an amazing short key. Thanks for sharing. Now it's time to avail Best 10 seat minibus hire in Dartford for more information.
August 14, 2023 at 6:42 PM
Post a Comment