From LOW to PWNED [8] Honorable Mention: Log File Injection
Source: Internet  Published by: 知乎是什么样的软件  Editor: 程序博客网  Time: 2024/05/29 08:09
So this didn't make it into the talk, but was in the hidden slides...
I'm not positive this is a "low", but a friend suggested it, so here you go.
Goes like this:
- The request gets logged.
- Something malicious gets written into the log along with it, commonly a one-line PHP backdoor.
- Then, either:
  - 1. Use an LFI vulnerability to include the log file; the PHP inside it executes and you get a shell.
    - Example 1: Php Shell Injection On A Website Through Log Poisoning http://www.securitytube.net/video/167
    - Rails 3.0.5 Log File Injection http://packetstormsecurity.org/files/99282/Rails-3.0.5-Log-File-Injection-Proof-Of-Concept.html
    - http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
    - Example 2: BURP SUITE - PART IV: LFI EXPLOIT via LOG INJECTION http://kaoticcreations.blogspot.com/2011/12/burp-suite-part-iv-lfi-exploit-via-log_20.html
  - 2. Wait for an admin to view the logs in a browser, at which point whatever you injected (e.g. XSS) fires in their session.
    - Example 1: http://xforce.iss.net/xforce/xfdb/50170
    - Example 2: http://www.securityfocus.com/archive/1/464471
You can also do fun stuff like TNS logfile injection in Oracle.
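As an added example (not from the original post or the talk), the Python below walks the round trip the post describes and then looks at it from the defender's side: a User-Agent carrying a one-line PHP backdoor is written verbatim into an Apache-style combined log, and a small scanner over the log flags the poisoned line, the path-traversal LFI request that includes the log file, and a request carrying HTML aimed at an admin reading the log in a web viewer. The log lines, IPs, timestamps and the `/var/log/apache2/access.log` path are constructed for the example, and the Apache escaping rules are approximated; none of it is taken from the original page.

```python
import html
import re
from urllib.parse import unquote

# Constructed Apache "combined" log lines (assumption: not from the original post).
# Line 2 is the poisoning request (PHP one-liner in User-Agent), line 3 the LFI that
# includes the log file, line 4 a script tag aimed at an admin viewing the log in a browser.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2012:10:15:32 +0000] "GET /index.php?page=home HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [12/Mar/2012:10:16:01 +0000] "GET / HTTP/1.1" 200 512 "-" "<?php system($_GET[\'cmd\']); ?>"',
    '10.0.0.9 - - [12/Mar/2012:10:16:05 +0000] "GET /index.php?page=../../../../var/log/apache2/access.log&cmd=id HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [12/Mar/2012:10:20:44 +0000] "GET /%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 404 209 "-" "curl/7.21"',
]

# Combined log format; quoted fields may contain backslash-escaped quotes.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<ua>(?:[^"\\]|\\.)*)"$'
)

PHP_TAG_RE = re.compile(r'<\?(php\b|=)', re.IGNORECASE)
HTML_INJECT_RE = re.compile(r'<\s*(script|img|svg|iframe)\b|\bon\w+\s*=', re.IGNORECASE)
LOG_INCLUDE_RE = re.compile(r'(\.\./)+[^ ]*(access|error)[._]?log|/var/log/', re.IGNORECASE)


def format_combined_line(ip, request, user_agent, referer="-", status=200, size=0,
                         when="12/Mar/2012:10:16:01 +0000"):
    """Approximate what mod_log_config writes for the combined format
    %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
    Assumption: the only transformation that matters here is Apache backslash-escaping
    quotes and backslashes in logged headers. '<' and '?' pass through untouched, which
    is exactly why a PHP tag sent in a header lands in the file ready to be include()d.
    """
    def esc(s):
        return s.replace("\\", "\\\\").replace('"', '\\"')
    return (f'{ip} - - [{when}] "{esc(request)}" {status} {size} '
            f'"{esc(referer)}" "{esc(user_agent)}"')


def scan_for_poisoning(lines):
    """Return (line_no, field, reason) for lines that look like log poisoning or an
    attempt to cash it in. Attacker-controlled fields (request line, Referer, User-Agent)
    are URL-decoded first so that %3Cscript%3E is not missed."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = COMBINED_RE.match(line)
        if m is None:
            findings.append((n, "line", "unparsed"))
            continue
        for field in ("request", "referer", "ua"):
            value = unquote(m.group(field))
            if PHP_TAG_RE.search(value):
                findings.append((n, field, "php-tag"))
            if HTML_INJECT_RE.search(value):
                findings.append((n, field, "html-injection"))
        if LOG_INCLUDE_RE.search(unquote(m.group("request"))):
            findings.append((n, "request", "log-file-include"))
    return findings


def render_for_log_viewer(line):
    """What a web-based log viewer must do before putting a log line into HTML.
    The admin-views-logs XSS path exists precisely because viewers skip this step."""
    return html.escape(line, quote=True)


def demo():
    """Round trip: the attacker's request becomes a log line, the scanner flags it."""
    poisoned = format_combined_line("10.0.0.9", "GET / HTTP/1.1",
                                    "<?php system($_GET['cmd']); ?>")
    return poisoned, scan_for_poisoning([poisoned])


if __name__ == "__main__":
    line, hits = demo()
    print(line)
    print(hits)
    for hit in scan_for_poisoning(SAMPLE_LOG):
        print(hit)
```

The scanner is deliberately narrow (PHP open tags, a few HTML vectors, and traversal into a log path) so it can run over a real access log without drowning in noise; the thing to take from it is that the log is an attacker-writable file, and anything that later reads it back (a PHP include, a log viewer, a SIEM dashboard) has to treat every field as untrusted input.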