Was someone able to successfully replicate the example for Server Log Poisoning using the rendered
/var/log/apache2/access.log file and injecting a PHP shell via User Agent Header?
Trying this in Burp Repeater, the server stalls with a 500 error after submitting more than one request with parameter
/index.php?language=/var/log/apache2/access.log. No chance to get RCE with a subsequent
I had to read the flag via directory traversal… Anyone able to replicate the example 1:1 and receive the flag with this technique?