Log poisoning
/var/log/apache2/access.log
When the web application is using an Apache 2 server, the access.log
may be accessible using an LFI.
About
access.log
: records all requests processed by the server.About netcat: using netcat avoids URL encoding.
There are some variations of the access.log
path and file depending on the operating system/distribution:
RHEL / Red Hat / CentOS / Fedora Linux Apache access file location:
/var/log/httpd/access_log
Debian / Ubuntu Linux Apache access log file location:
/var/log/apache2
/access.logFreeBSD Apache access log file location:
/var/log/httpd-access.log
Windows Apache access log file location: ****
C:\xampp\apache\logs
Or if the web server is under Nginx :
Linux Nginx access log file location:
/var/log/nginx/access.log
Windows Nginx access log file location:
C:\nginx\log
/var/log/apache/error.log
This one is similar to the access.log
, but instead of putting simple requests in the log file, it will put errors in error.log
.
Last updated