I feel like such a plank. So without giving too much away, im in the administration panel… i know in my mind I have to get something uploaded and then execute it. Ive enumerated the ■■■■ out of it (yet evidently not enough) and even found a flaw with the installation as ive downloaded the CMS offline. It exposes the usernames to unauthenticated users. Thats of little use here though. https://simpleinfosec.com/2018/05/27/monstra-cms-3-0-4-unauthenticated-user-credential-exposure/ (CVE-2018-11480)
Ive been burping everything including the sub functions like creating pages, but feel i might be missing a trick. Its quite evident that its been developed dettached from the original CMS so a lot of the functionality is not as designed. Any suggested reading on web enumeration that could help?
Youre telling me. It was clear from the get go that theres loads of holes. Im just getting annoyed cause i know when i find the answer ill want to slap myself!
I’m not sure how much this will help, since I’m stuck on user also, but there is another webapp on the server that you might not have found. I think Dirbuster didn’t pick it up for me because it returns a 404 status, but it has content.
I managed to find it using Wfuzz and using a fuzz url without a trailing slash, because that will pick up some redirects that Dirbuster might miss, because Dirbuster seems to always add the trailing /
… as i previously stated ill feel like an idiot.
Thanks guys… and ps… ■■■■ dirbuster and my reliance on it!!!
Spoiler Removed - Arrexel
@T3jv1l. Enumerate the plugin and research it
@tarpancake i found exploit but i dont know how to put php reverse in my root Document
stucked at uploading reverse shell…
5h377.daFUQ
If anyone could PM me a hint, I’ll love you forever