mirror of
https://github.com/carlospolop/hacktricks.git
synced 2023-12-14 19:12:55 +01:00
GitBook: [master] one page modified
This commit is contained in:
parent
0922fcb582
commit
e3813fa4c5
1 changed files with 4 additions and 0 deletions
|
@ -310,6 +310,10 @@ login=1&user=admin&pass=password&lang=/../../../../../../../../../var/lib/php5/s
|
|||
|
||||
If ssh is active check which user is being used \(/proc/self/status & /etc/passwd\) and try to access **<HOME>/.ssh/id\_rsa**
|
||||
|
||||
### **Via** **vsftpd** _**logs**_
|
||||
|
||||
The logs of this FTP server are stored in _**/var/log/vsftpd.log.**_ If you have a LFI and can access a exposed vsftpd server, you could try to login setting the PHP payload in the username and then access the logs using the LFI.
|
||||
|
||||
### Via phpinfo\(\) \(file\_uploads = on\)
|
||||
|
||||
To exploit this vulnerability you need: **A LFI vulnerability, a page where phpinfo\(\) is displayed, "file\_uploads = on" and the server has to be able to write in the "/tmp" directory.**
|
||||
|
|
Loading…
Reference in a new issue