W-LOG-POISONINGExecution

Log Poisoning + LFI

Inject PHP/JSP into a logged value (User-Agent, Referer), then LFI the log file to execute it server-side.

§ Where this technique fits

W-LOG-POISONING is catalogued under the Execution tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 3 on average.

§ Dossiers chaining this technique

LFI → log poisoning → RCE
Local file inclusion that reads the web server's access log. Send a request whose User-Agent contains PHP, then LFI the log file to execute it.
step 3 / 6

§ What commonly comes next

01
Local File Inclusion (LFI)
W-LFI · Lateral Movement
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

LFI → log poisoning → RCE

§ What commonly comes next