- This topic has 6 replies, 2 voices, and was last updated 4 years, 4 months ago by Diego Pérez.
- AuthorPosts
- June 9, 2020 at 9:30 pm #39573RiccardoParticipant
Hi,
I’m at lecture 8.3
When i try to enter to http://IP_ADDRESS/dvwa/vulnerabilities/fi/?page=../../../../var/log/auth.log return to me:Warning: include(../../../../var/log/auth.log) [function.include]: failed to open stream: No such file or directory in /var/www/dvwa/vulnerabilities/fi/index.php on line 35 Warning: include() [function.include]: Failed opening '../../../../var/log/auth.log' for inclusion (include_path='.:/usr/share/php:/usr/share/pear:../../external/phpids/0.6/lib/') in /var/www/dvwa/vulnerabilities/fi/index.php on line 35 Warning: Cannot modify header information - headers already sent by (output started at /var/www/dvwa/vulnerabilities/fi/index.php:35) in /var/www/dvwa/dvwa/includes/dvwaPage.inc.php on line 324 Warning: Cannot modify header information - headers already sent by (output started at /var/www/dvwa/vulnerabilities/fi/index.php:35) in /var/www/dvwa/dvwa/includes/dvwaPage.inc.php on line 325 Warning: Cannot modify header information - headers already sent by (output started at /var/www/dvwa/vulnerabilities/fi/index.php:35) in /var/www/dvwa/dvwa/includes/dvwaPage.inc.php on line 326
The security level is set to low. Same problem with medium security level. Is there anything else I can try?
Best, R.F.
June 10, 2020 at 4:55 am #39585Diego PérezModeratorHi Riccardo!
Can you try to add a couple more ../../ to your injection?Let me know how it goes!
DiegoJune 10, 2020 at 11:53 am #39594RiccardoParticipantHi Diego,
it return the same error, maybe I’m using a wrong metasploitable version?Best, R.F.
June 11, 2020 at 5:35 am #39649Diego PérezModeratorHi Riccardo!
You can try to import a new metasploitable, did you download it from official Rapid7 site?
Let me know.
DiegoJune 11, 2020 at 2:00 pm #39678RiccardoParticipantHi Diego,
I downloaded it from the official Rapid7 website. Now I try to re-download and import the virtual machine again. I’ll keep you updated 🙂Best, R.F.
June 11, 2020 at 3:34 pm #39683RiccardoParticipantHi again,
now all it is working 🙂
Best,
R.F.June 12, 2020 at 5:06 am #39738Diego PérezModeratorHi Riccardo!
Cool you got it!I’ll suggest to keep a copy of the downloaded file, I have break metasploitable many times and keeping a copy is time saving 🙂
Greetings!
Diego - AuthorPosts
- You must be logged in to reply to this topic.