Monday, May 14, 2012

From LOW to PWNED [8] Honorable Mention: Log File Injection


Post [8] Honorable Mention: Log File Injection

So this didn't make it into the talk, but was in the hidden slides...

Not positive this is a "low", but a friend suggested it, so here you go.

It goes like this:
A request gets logged.
Something malicious gets written to the log, commonly something like a one-line PHP backdoor.

  1. Use an LFI vulnerability to browse to the page and get a shell
    1. Example 1:  Php Shell Injection On A Website Through Log Poisoning http://www.securitytube.net/video/167
    2. Rails 3.0.5 Log File Injection http://packetstormsecurity.org/files/99282/Rails-3.0.5-Log-File-Injection-Proof-Of-Concept.html
    3. http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
    4. Example 2: BURP SUITE - PART IV: LFI EXPLOIT via LOG INJECTION  http://kaoticcreations.blogspot.com/2011/12/burp-suite-part-iv-lfi-exploit-via-log_20.html
  2. Wait for an admin to view the logs and do whatever you did (XSS)
    1. Example 1: http://xforce.iss.net/xforce/xfdb/50170
    2. Example 2: http://www.securityfocus.com/archive/1/464471

Can also do fun stuff like this (TNS Logfile injection in Oracle)
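From the defender's side, both paths in the list above (the log being included through an LFI, or rendered in an admin's log viewer) depend on raw markup reaching the log and being interpreted later. The following is an added example, not code from the original post: it scans Apache combined-format access log lines for PHP open tags and HTML markup, and encodes a line before display. The sample lines, field names and marker patterns are constructed assumptions.

```python
import re
from html import escape
from urllib.parse import unquote

# Assumed format: Apache "combined" (host ident user [time] "request" status bytes "referer" "agent")
FIELD = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] ' + FIELD + r' \d{3} \S+ ' + FIELD + ' ' + FIELD + '$')
FIELD_NAMES = ("request", "referer", "agent")

# Content that would execute if the log is include()d by PHP or rendered as HTML.
MARKERS = {
    "php_open_tag": re.compile(r"<\?(?:php|=)?", re.I),
    "html_markup": re.compile(r"<\s*(?:script|img|svg|iframe)\b", re.I),
}

def scan_line(line):
    """Return [(field, marker), ...] for one access-log line."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return [("line", "unparseable")]  # malformed lines deserve a look too
    findings = []
    for field, raw in zip(FIELD_NAMES, m.groups()):
        # Percent-encoded markup is inert in the file but still shows an attempt.
        for text in (raw, unquote(raw)):
            for name, rx in MARKERS.items():
                if rx.search(text) and (field, name) not in findings:
                    findings.append((field, name))
    return findings

def scan_log(lines):
    """Return {line_number: findings} for every line with a finding."""
    return {n: f for n, line in enumerate(lines, 1) if (f := scan_line(line))}

def render_for_viewer(line):
    """HTML-encode a log line before a web-based log viewer displays it."""
    return escape(line, quote=True)

# Constructed sample input (documentation IP range, harmless payloads).
SAMPLE_LOG = [
    '203.0.113.7 - - [14/May/2012:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [14/May/2012:10:01:09 +0000] "GET / HTTP/1.1" 200 512 "-" "<?php echo 1; ?>"',
    '203.0.113.9 - - [14/May/2012:10:02:30 +0000] "GET /%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for lineno, findings in scan_log(SAMPLE_LOG).items():
        print(lineno, findings, render_for_viewer(SAMPLE_LOG[lineno - 1]))
```

Detection like this only covers the log side; the include path still needs the file inclusion bug fixed and the web server account denied read access to its own logs.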



CG

1 comment:

CG said...

http://techsnow.net/blog/2012/05/30/breaking-the-bank-website-or-from-lfi-to-rce/