Thanks to visit codestin.com
Credit goes to github.com

Skip to content

kyle41111/CuteScript

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 
revshell.php
revshell.php
 
 

Repository files navigation

CuteScript

CuteNews 2.1.2 'avatar' RCE

"The attacker can infiltrate the server through the avatar upload process in the profile area. There is no realistic control of the $imgsize function in "/core/modules/dashboard.php" Header content of the file can be changed and the control can be bypassed. We can use the "GIF" header for this process. An ordinary user is enough to exploit the vulnerability. No need for admin user."

    1.Rename shell to .gif
    2.load burp
    3.Upload new profile picture, capture the request and rename the file back to "revshell.php" and forward the request.
    4.upload successful, right click and "copy image location."
    5.Start netcat on port you specified in script.
    paste image location in the search bar and click go.
    6. check back in with netcat for revshell.

About

a very short and simple php revshell I used against CuteNews 2.1.2 rce

Resources

Readme
Activity

Stars

5 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published