VoxLink
VoxLink Communications' customer portal and help system for business phone service clients. Professional document access with hidden vulnerabilities.
The Scenario
VoxLink Communications built a streamlined customer portal for their business phone service clients. The portal allows customers to access billing statements, usage reports, and phone system configuration files. They also maintain a comprehensive help system at help.voxlink.local.
As a security researcher, you've been asked to test both the main portal and help system. The features seem professional and well-built, but sometimes the most polished interfaces hide the most interesting vulnerabilities. Start by exploring the customer portal and see what other services you can discover.
Lab Intel
Synopsis
VoxLink's help system has a local file inclusion (LFI) vulnerability in its documentation viewer that can be chained with log poisoning to achieve remote code execution (RCE).
Architecture
A medium-difficulty lab built on PHP/Apache that demonstrates an LFI → log poisoning → RCE attack chain in a realistic telecommunications business application with multiple subdomains.
Who It's For
Players comfortable with LFI basics who want to learn advanced exploitation techniques like log poisoning and subdomain discovery.
Skills You'll Practice
- Local file inclusion and path traversal techniques
- Apache log analysis and file location discovery
- HTTP header injection for log contamination
- Vulnerability chaining for privilege escalation
- Subdomain enumeration and service discovery
What You'll Gain
- Understanding how LFI can escalate to full RCE
- Experience with log poisoning attack vectors
- Knowledge of Apache log file locations and formats
- Skills in chaining multiple vulnerabilities across subdomains