IppSec User-agent injection video

I watched an IppSec video a while ago where he managed to get command execution by placing a statement in a log file by manipulating the User-agent field of a HTTP request. (At least this is how I remember it)

I now can’t find the video anywhere and can’t get it on ippsec.rocks…

By any chance does anyone know what this box/ video was?


That is LFI through apache2.log file, payload is set in User-Agent Header, and called in URL. Try to google it, but not sure which ipppsec video was nor box

@WireInTheGhost I think you are talking about this box HTB Bart:

@rahul406 Thanks this is the one i was looking for!