Log Poisoning

PHP Session Poisoning

Default session.save_path (check php.ini or an exposed phpinfo() page rather than guessing; the file name is sess_ followed by the value of the PHPSESSID cookie):

/var/lib/php/sessions/ on Linux (Debian/Ubuntu packages; other distributions differ)

C:\Windows\Temp\ on Windows

/var/lib/php/sessions/sess_[PHPSESSID]

Steps

  1. Find a session value you control, e.g. a request parameter the application stores in $_SESSION (username, language, last visited page). Read your own session file back through the LFI (e.g. /var/lib/php/sessions/sess_el4ukv0kqbvoirg7nkp4dncpk3, where the suffix is your PHPSESSID cookie) and confirm the value appears in it verbatim, not sanitised or truncated.

  2. If it does, set that value to a short PHP web-shell payload that runs a command taken from a request parameter; the application writes it into the session file for you.

  3. Include the session file through the LFI. PHP executes the payload and simply echoes the rest of the serialized session data around it.

Server Log Poisoning

LFI path wordlists, useful for locating log files:

https://github.com/danielmiessler/SecLists/tree/master/Fuzzing/LFI

Steps

  1. Find the access/error log location (e.g. /var/log/apache2/access.log, /var/log/httpd/access_log, /var/log/nginx/access.log) and confirm you can read it through the LFI.

  2. Send one request with the PHP payload in the User-Agent header. User-Agent is written to the access log as sent, except that Apache and nginx backslash-escape double quotes and backslashes, so keep the payload free of them (single-quoted PHP strings). Send it only once: every later include re-executes the whole log, and a single PHP parse error anywhere in it breaks the technique.

  3. If the log path is unknown or unreadable, also try /proc/self/environ (the process environment; it only carries your User-Agent when PHP runs as a CGI script that receives headers as environment variables) or /proc/self/fd/N with N from 0 to 50, which follows the open file descriptors of the process running the include, one of which may be the log.

Other server logs

Paths vary by distribution; the injection point is a field the daemon writes to its log, typically the username supplied at login (SSH, FTP) or an address in the mail envelope:

  • /var/log/sshd.log (on most systems SSH login attempts land in /var/log/auth.log or /var/log/secure instead)

  • /var/log/mail (or /var/log/mail.log, /var/log/maillog)

  • /var/log/vsftpd.log
