Skills Assessment - File Inclusion[questions]

Hey guys:

I found an admin panel and an LFI vulnerability. I can get /etc/passwd, but I cannot get RCE.
I tried to use all the methods I have learned, but I still can’t get RCE. Please give me some help, thank you very much!

Log Poisoning is the right way to do this. It doesn’t always work for some reason.

Thank you for the answer. I tried to fill the User-Agent with RCE code, but it does not work.
I already tried it before. Please give me some help, I have been stuck for a few days.

I have the same issue. When I input the payload into the User-Agent header, the log file breaks and stops logging any input, even non-malicious ones. Is the lab broken perhaps?

Did you try any possible log poisoning solution? Maybe you would get other results with an alternative solution… One, for sure, doesn’t break…

Problem already solved!

Hi, I am also stuck here, can you suggest something?

This article helped me finish it, take a close look. https://ironhackers.es/tutoriales/lfi-to-rce-envenenando-ssh-y-apache-logs/

Hi friend,
in this question all requests that I send through Burp Suite return 200 OK
but never show the file content or even the cmd result from that PHP shell.

I can see that the URL returns the comment that we make with the var ?comment=

Can you help me clarify this (newbie) issue?
Thank you

Hey friend,
is it to log poison the access.log file like in the session lesson?
I found a lot of files in that admin location.
According to the lesson, we need to put the PHP webshell and the server needs to execute it and return the resulting command in the response…
Doing it like the lesson on access.log is not returning the result in the User-Agent header.
Can we do it with another file?

I believe the goal is to exec a command to “ls” the “/” dir to locate the flag so we can access the file through the browser, right?

I would appreciate some interaction.
Thanks very much

Hi guys, if the log file breaks try this script, it’s the best one, it works perfectly: GitHub - nickpupp0/LogPoisoner

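
From the defender's side, the log poisoning discussed in this thread leaves two traces in a web server's access log: a PHP open tag inside a logged field such as the User-Agent, and a later request whose parameter points at the log file itself. The following is an added example, not part of any post above, that scans combined-format log lines for both; the sample lines, the parameter name `page` and the log path are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined log format: ip ident user [time] "request" status size "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)
# PHP open tags have no business in a request line, Referer or User-Agent
PHP_TAG = re.compile(r'<\?(?:php|=)', re.IGNORECASE)
# A parameter value that reaches for a log file via traversal or /var/log
LOG_INCLUDE = re.compile(
    r'[?&][^=&\s]+=[^&\s]*(?:\.\./|/var/log/)[^&\s]*log', re.IGNORECASE)

def classify(line):
    """Return a list of findings for one access-log line (empty if clean)."""
    m = COMBINED.match(line.strip())
    if not m:
        # A line the format cannot parse is itself worth a manual look
        return ["unparseable"]
    findings = []
    for field in ("request", "referer", "agent"):
        if PHP_TAG.search(unquote(m[field])):
            findings.append(f"php-tag-in-{field}")
    # Decode once so %2F-encoded traversal is seen as ../
    if LOG_INCLUDE.search(unquote(m["request"])):
        findings.append("log-file-include")
    return findings

def scan(lines):
    """Return (line_number, findings) for every line with at least one finding."""
    return [(n, f) for n, line in enumerate(lines, 1) if (f := classify(line))]

# Constructed sample lines (documentation IP range, harmless PHP comment as marker)
SAMPLE = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?page=about '
    'HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php HTTP/1.1" '
    '200 512 "-" "<?php /* constructed marker */ ?>"',
    '203.0.113.9 - - [10/Oct/2023:13:56:09 +0000] "GET /index.php?page='
    '..%2F..%2F..%2Fvar%2Flog%2Fapache2%2Faccess.log HTTP/1.1" 200 9000 "-" '
    '"Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE):
        print(number, findings)
```

The same two patterns can be turned into WAF or SIEM rules; pairing them by source IP within a short time window cuts false positives.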