Hello sunny day ! Because of CTF competition training , I 'll continue practicing with VulnHub
As the entry's tittle , let's do this !
+GATHERING INFORMATION : After scanning the provided system (both manual and automatic ) , I figure out some stuff :
- OS : Linux 2.6.X
- Web Server ; Apache httpd 2.2.6 ((Fedora))
- DBMS : MySql 4.1.2
- PHP 5.2.4
+VULNERABILITIES :
- LFI
+EXPLOIT : with LFI , I surf around and trying some payloads , but It doesn's work . I found out 3 forms for input login credential
And all of them seem invulnerable to SQLi .
After some hours googling , fortunately I figure out how to bypass the authentication of NanoCMS
Bingo ! I already have the admin cred !
login successfully !
Manually surfing this page , I figure out the place allow me to create a new page
I decide to create a php simple shell to test this function , and It works!