TarTarSaurce... i feel retartar

I feel like such a plank. So without giving too much away, im in the administration panel… i know in my mind I have to get something uploaded and then execute it. Ive enumerated the shit out of it (yet evidently not enough) and even found a flaw with the installation as ive downloaded the CMS offline. It exposes the usernames to unauthenticated users. Thats of little use here though. Monstra CMS 3.0.4 Unauthenticated User Credential Exposure – Simple Information Security Tutorials (CVE-2018-11480)

Ive been burping everything including the sub functions like creating pages, but feel i might be missing a trick. Its quite evident that its been developed dettached from the original CMS so a lot of the functionality is not as designed. Any suggested reading on web enumeration that could help?

some rabbit holes…

Youre telling me. It was clear from the get go that theres loads of holes. Im just getting annoyed cause i know when i find the answer ill want to slap myself!

I’m not sure how much this will help, since I’m stuck on user also, but there is another webapp on the server that you might not have found. I think Dirbuster didn’t pick it up for me because it returns a 404 status, but it has content.

I managed to find it using Wfuzz and using a fuzz url without a trailing slash, because that will pick up some redirects that Dirbuster might miss, because Dirbuster seems to always add the trailing /

… as i previously stated ill feel like an idiot.

Thanks guys… and ps… fuck dirbuster and my reliance on it!!!

Spoiler Removed - Arrexel

@T3jv1l. Enumerate the plugin and research it

Any Idea else of replicating ? If not, Hint for TartarSauce! — Hack The Box :: Forums

@tarpancake i found exploit but i dont know how to put php reverse in my root Document

@T3jv1l said:
@tarpancake i found exploit but i dont know how to put php reverse in my root Document

pm me.

stucked at uploading reverse shell…

5h377.daFUQ

If anyone could PM me a hint, I’ll love you forever