The following page was given by the task:
Without second thoughts, it’s clear this is about an LFI so I took the straightforward approach:
The source code of eg.php had nothing useful, so I tried index.php instead and found a filter.
After some attempts on getting the index.php source code without success, I decided to try other ways, like Apache’s logs.
Some hours went by and the log infection attempts were unsuccessful, because the URLs in the log files were URL encoded. Then an idea on trying to infect the log files through the User-agent came up, via “Alisson Bezerra”.
And that worked…
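
What this sequence looks like from the defender's side, as an added example that is not part of the original write-up: a small scanner for Apache access logs that flags a PHP open tag in the User-Agent or Referer (logged as sent), the same tag in the percent-encoded request line, and requests that try to include a log file. It assumes Apache's combined log format; the sample lines, the addresses and the parameter name `page` are constructed.

```python
import re
from urllib.parse import unquote

# Apache "combined" format; quoted fields may contain backslash-escaped quotes.
Q = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(rf'^(\S+) \S+ \S+ \[([^\]]+)\] {Q} (\d{{3}}) \S+ {Q} {Q}$')
PHP_TAG = re.compile(r'<\?')
LFI_HINT = re.compile(r'\.\./|/var/log/|access[._]log|error[._]log|php://', re.I)

def classify(line):
    """Return a list of findings for one access-log line."""
    m = COMBINED.match(line.strip())
    if not m:
        return ["unparsed"]
    _host, _time, request, _status, referer, agent = m.groups()
    findings = []
    # Headers are logged as sent, so a PHP open tag survives intact here.
    if PHP_TAG.search(referer):
        findings.append("php-tag-in-referer")
    if PHP_TAG.search(agent):
        findings.append("php-tag-in-user-agent")
    # The request line is normally percent-encoded by the client; decode twice
    # to also catch double encoding.
    decoded = unquote(unquote(request))
    if PHP_TAG.search(decoded):
        findings.append("php-tag-in-request")
    if LFI_HINT.search(decoded):
        findings.append("lfi-pattern-in-request")
    return findings

def scan(lines):
    """Map 1-based line numbers to findings, skipping clean lines."""
    hits = {}
    for n, line in enumerate(lines, 1):
        found = classify(line)
        if found:
            hits[n] = found
    return hits

# Constructed sample log lines (documentation addresses, made-up parameter "page").
SAMPLE = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?page=eg.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2023:13:56:02 +0000] "GET /%3C%3Fphp%20echo%201%3B%20%3F%3E HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2023:13:58:41 +0000] "GET / HTTP/1.1" 200 512 "-" "<?php echo 1; ?>"',
    '203.0.113.5 - - [10/Oct/2023:13:59:10 +0000] "GET /index.php?page=../../../../var/log/apache2/access.log HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, found in scan(SAMPLE).items():
        print(n, ", ".join(found))
```

A `php-tag-in-user-agent` hit followed by an `lfi-pattern-in-request` hit from the same client is the pairing worth alerting on; the encoded request-line hit on its own corresponds to the attempts that failed here.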