I’ve been stuck on this for 3 days. I reached the admin panel and found some other directories, but I can’t find anything useful because none of them have a .php or something like that. I read /etc/passwd and didn’t find anything, and in the cookies I don’t have one to log poison. What should I do?
I just found like hundreds of directories in directories in directories in directories in directories, so… is it really necessary for me to search through all of them :|?
I also got stuck here before; you can try log poisoning.
First, you should find a file called access.log.
I remembered this from when I was stuck too:
Read the source of the web files. You will find some PHP commented out in the source which then links to an admin page. Once you are in the admin page, use other methods as stated above^
Hey, I’m stuck on the access.log poisoning. I don’t understand why: I’m changing the User-Agent to a PHP shell payload but it doesn’t give me any command.
The standard payload is filtered… you have to find another way in PHP in order to “read” the file…
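Added example, not part of the thread and not any poster's code: seen from the defender's side, the access.log poisoning discussed above leaves a PHP open tag in a logged header field, followed by a request that pulls the log through a file parameter. This sketch flags both in combined-format log lines; the sample lines, IPs, the `/admin/?page=` parameter and the log path are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Apache/nginx "combined" log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>(?:[^"\\]|\\.)*)" '
    r'\d{3} \S+ "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)
PHP_TAG = re.compile(r'<\?(?:php|=)', re.I)
LFI_TARGET = re.compile(r'\.\./|/etc/passwd|access\.log', re.I)

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE = [
    '198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Mar/2024:10:01:12 +0000] "GET /admin/?page=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1820 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Mar/2024:10:02:40 +0000] "GET / HTTP/1.1" 200 512 "-" "<?php echo 1; ?>"',
    '203.0.113.9 - - [10/Mar/2024:10:03:05 +0000] "GET /admin/?page=../../../var/log/apache2/access.log HTTP/1.1" 200 90211 "-" "Mozilla/5.0"',
]


def decode(value, rounds=2):
    """URL-decode repeatedly so double-encoded traversal is still seen."""
    for _ in range(rounds):
        value = unquote(value)
    return value


def scan(lines):
    """Return (line_no, ip, reason) findings for poisoning and inclusion attempts."""
    findings, poisoners = [], set()
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if not m:
            findings.append((n, None, "unparsed-line"))
            continue
        ip, request = m["ip"], decode(m["request"])
        for field in ("request", "referer", "agent"):
            if PHP_TAG.search(decode(m[field])):
                findings.append((n, ip, f"php-tag-in-{field}"))
                poisoners.add(ip)
        if LFI_TARGET.search(request):
            # A log include from an IP that already wrote PHP into the log
            # is the full poisoning chain, not just probing.
            chained = ip in poisoners and "access.log" in request.lower()
            findings.append((n, ip, "poison-then-include" if chained else "lfi-target-in-request"))
    return findings


if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

A `poison-then-include` finding is the one to escalate first, since it means the injected log content was very likely read back through the include parameter.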