We covered the solution of G0rmint Vulnhub lab by applying log file poisoning in a website based on PHP to execute system command.
The Complete Practical Web Application Penetration Testing Course
Description
It is based on a real world scenario I faced while testing for a client’s site. Dedicated to Aunty g0rmint who is fed up of this government (g0rmint). Does anyone need to know about that Aunty to root the CTF? No The CTF is tested on Vmware and working well as expected. Difficulty level to get limited shell: Intermediate or advanced Difficulty level for privilege escalation: No idea.
Log File Poisoning | Log Injection
Log files are generally used by applications to keep track of past events or transactions for review, data collection, or troubleshooting. Reviewing log files can be done manually as needed, depending on the application, or automatically using a tool that sifts through logs looking for noteworthy occurrences or trending data.
An attacker may be able to spoof log entries or introduce malicious content by writing invalidated user input into log files. We refer to this as log injection.
Vulnerabilities involving log injection arise when:
An application receives data from an unreliable source.
An application or system log file receives the data.
Effective log injection assaults may result in:
New or fake log events are injected (log forging via log injection)
XSS attack injection, with the goal of getting a malicious log event to be read in a weak web application
injection of commands capable of being executed by parsers (such as PHP parsers)
A frequent web application vulnerability is local file inclusion, which gives hackers access to read private server files and occasionally even run remote commands. This occurs when poorly designed code or improper input validation occur.
Video Walkthrough
