Description: Many web administrators save the logs of their accesses on a PHP log file. This video shows the vulnerability of this kind of habit, as we can inject arbitrary PHP code into a log file simply by changing an information that we send to the web server and will be logged (like user agent). That code will be then executed on the server as soon as the web admin reads log files via browser.
Tags: shell injection, log poisoning
A high resolution version of the video can be downloaded here.
Tags: tools ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.