How to Turn Read-Only LFI into Full RCE (Log Poisoning Tutorial) скачать в хорошем качестве

How to Turn Read-Only LFI into Full RCE (Log Poisoning Tutorial)

In this cybersecurity demonstration, we explore how to elevate a standard Local File Inclusion (LFI) vulnerability from a "read-only" state to full Remote Code Execution (RCE). We specifically focus on Log Poisoning, a technique that leverages unsanitized HTTP headers to inject malicious payloads into server logs. What You Will Learn: The Scenario: Identifying LFI when you can read files like /etc/passwd but cannot upload new ones. Reconnaissance: Locating and accessing Apache server logs (/var/log/apache2/access.log). The Attack Vector: Understanding how the User-Agent header is recorded without sanitization. Step 1: Poisoning the Log: Using curl to inject PHP system functions into the access log. Step 2: Execution: Using directory traversal to include the poisoned log file and execute system commands like whoami. Defense & Mitigation: How to prevent these attacks by disabling PHP execution in log directories and using input allowlists. Attack Chain Summary: Identify the LFI vulnerability. Verify access to server log files. Inject PHP code via the User-Agent header. Include the log file via LFI to trigger execution. Achieve full system compromise (RCE). Disclaimer: This video is for educational purposes and ethical hacking only. Always obtain permission before testing any systems.