So this didn't make it into the talk, but was in the hidden slides...
not positive this is a "low" but a friend suggested it, so here you go.
Goes like this:
Request gets logged
Something malicious gets written commonly something like a one line PHP backdoor
Can also do fun stuff like this (TNS Logfile injection in Oracle)
not positive this is a "low" but a friend suggested it, so here you go.
Goes like this:
Request gets logged
Something malicious gets written commonly something like a one line PHP backdoor
- 1. Use an LFI vulnerability to browse to page get shell
- Example 1: Php Shell Injection On A Website Through Log Poisoning http://www.securitytube.net/video/167
- Rails 3.0.5 Log File Injection http://packetstormsecurity.org/files/99282/Rails-3.0.5-Log-File-Injection-Proof-Of-Concept.html
- http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
- Example 2: BURP SUITE - PART IV: LFI EXPLOIT via LOG INJECTION http://kaoticcreations.blogspot.com/2011/12/burp-suite-part-iv-lfi-exploit-via-log_20.html
- 2. Wait for an admin to view logs and do whatever you did (XSS)
- Example 1: http://xforce.iss.net/xforce/xfdb/50170
- Example 2: http://www.securityfocus.com/archive/1/464471
Can also do fun stuff like this (TNS Logfile injection in Oracle)
