Archangel Writeup: Log Poisoning and $PATH Hijacking on TryHackMe

Credits Room: “Archangel”Creator: Archangel Introduction The Target: Exploiting LFI to get RCE via Log Poisoning The Problem: The default ../ path was filtered by the server when trying to exploit the LFI The Tools: RustScan, Feroxbuster & FFUF ...