GitBook: [master] one page modified
This commit is contained in:
parent
844ab8e6df
commit
67c36f25d9
@ -301,7 +301,20 @@ If the Apache server is vulnerable to LFI inside the include function you could
|
||||
|
||||
Note that **if you use double quotes** for the shell instead of **simple quotes**, the double quotes will be modified for the string "_**quote;**_", **PHP will throw an error** there and **nothing else will be executed**.
|
||||
|
||||
This could also be done in other logs but b**e careful,** the code inside the logs could be URL encoded and this could destroy the Shell. The header **authorisation "basic"** contains "user:password" in Base64 and it is decoded inside the logs. The PHPShell could be inserted inside this header.
|
||||
This could also be done in other logs but b**e careful,** the code inside the logs could be URL encoded and this could destroy the Shell. The header **authorisation "basic"** contains "user:password" in Base64 and it is decoded inside the logs. The PHPShell could be inserted inside this header.
|
||||
Other possible log paths:
|
||||
|
||||
```python
|
||||
/var/log/apache2/access.log
|
||||
/var/log/apache/access.log
|
||||
/var/log/apache2/error.log
|
||||
/var/log/apache/error.log
|
||||
/usr/local/apache/log/error_log
|
||||
/usr/local/apache2/log/error_log
|
||||
/var/log/nginx/access.log
|
||||
/var/log/nginx/error.log
|
||||
/var/log/httpd/error_log
|
||||
```
|
||||
|
||||
### Via Email
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user