PT0-002 · Question #298
PT0-002 Question #298: Real Exam Question with Answer & Explanation
The correct answer is D: Log poisoning. {"question_number": 6, "correct_answer": "D and F", "explanation": "When an LFI vulnerability allows a tester to read Apache access logs, the natural next steps are log poisoning (D) followed by command injection (F). Log poisoning works by injecting malicious PHP code into a fie
Question
During an assessment, a penetration tester manages to exploit an LFI vulnerability and browse the web log for a target Apache server. Which of the following steps would the penetration tester most likely try NEXT to further exploit the web server? (Choose two.)
Options
- ACross-site scripting
- BServer-side request forgery
- CSQL injection
- DLog poisoning
- ECross-site request forgery
- FCommand injection
Explanation
{"question_number": 6, "correct_answer": "D and F", "explanation": "When an LFI vulnerability allows a tester to read Apache access logs, the natural next steps are log poisoning (D) followed by command injection (F). Log poisoning works by injecting malicious PHP code into a field that Apache logs - most commonly the User-Agent header (e.g., User-Agent: <?php system($_GET['cmd']); ?>). Once this payload is written into the log file, the tester uses the LFI to include that log file, causing the web server to parse and execute the injected PHP. Command injection (F) is then achieved by passing OS commands via the 'cmd' parameter, effectively turning LFI + log poisoning into Remote Code Execution (RCE). XSS, SSRF, SQLi, and CSRF are unrelated to exploiting an LFI/log access scenario.", "generated_by": "claude-sonnet", "llm_judge_score": 5}
Topics
Community Discussion
No community discussion yet for this question.