[๐Ÿ“] LFI to RCE with Log Poisoning

Introduction

LFI (Local File Inclusion) is a common vulnerability found in web applications, allowing an attacker to include local files from the server. LFI Log Poisoning is a technique that leverages LFI vulnerabilities to write arbitrary content to log files on the server. By doing so, an attacker can escalate an LFI to RCE.

This is the path of a vulnerable LFI: http://127.0.0.1/index.php?page=/../../../../etc/passwd

The local file can be read:...

April 6, 2023 · 2 min · 365 words