⚡️Oops, They Logged It! Turning LFI into Remote Shell Like a Pro ⚔️
1 min read
Summary
The blogger recounts how they discovered a vulnerability in a target’s system allowing them to go from Local File Inclusion (LFI) to gaining remote shell access.
Starting with reconnaissance, they used a variety of tools to scan the target’s domains for potential vulnerabilities.
After finding a URL for a file rendering service, they tested for LFI by inserting a payload to access the target’s /etc/passwd file.
From here, they exploited log poisoning and regained LFI, this time with the ability to modify the target’s logs.
Finally, they injected a new payload in the log file that would allow them to access a remote shell on the target system.
They emphasize that awareness of these vulnerabilities and the potential for chaining multiple vulnerabilities together to achieve remote access is critical for cybersecurity today.