Subrion CMS Pentesting

Subrion is a content management system (CMS).

File Upload to Reverse Shell (Credential Required)

1. Download Reverse Shell Payload

Get the PHP payload from php-reverse-shell and change the file extension to '.phar'.
Then start a listener.

nc -lvnp 4444

2. Upload the Payload in Subrion Panel

  1. Log in

  2. Go to Content -> Uploads in the panel

  3. Upload reverse-shell.phar

  4. Access /subrion/upload/reverse-shell.phar

The listener now receives a shell.
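A detection check for the upload-then-request sequence above, as an added example that is not part of the original page: it scans web-server access logs for requests to script-type files under the upload directory. The log lines are constructed, and the extension list, the combined log format and the function names are assumptions to match to your own server.

```python
import re
from urllib.parse import unquote, urlsplit

# Extensions often mapped to the PHP handler (assumption: match your server config).
PHP_EXTS = {".php", ".php5", ".php7", ".phtml", ".pht", ".phar"}
# Upload location as written on this page; adjust for your install.
UPLOAD_PREFIX = "/subrion/upload/"

# Apache/nginx "combined" access-log format (assumption).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def script_ext(rel_path):
    """Return the first PHP-like extension in any dot-separated part, else None."""
    for segment in rel_path.lower().split("/"):
        for part in segment.split(".")[1:]:
            if "." + part in PHP_EXTS:
                return "." + part
    return None

def find_upload_execution(lines, prefix=UPLOAD_PREFIX):
    """Return one record per request for a script-type file under the upload dir."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Decode percent-encoding and drop the query string before matching.
        path = unquote(urlsplit(m["target"]).path)
        if not path.lower().startswith(prefix):
            continue
        ext = script_ext(path[len(prefix):])
        if ext:
            hits.append({"ip": m["ip"], "time": m["ts"], "path": path,
                         "ext": ext, "status": int(m["status"])})
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /subrion/upload/reverse-shell.phar HTTP/1.1" 200 0 "-" "curl/8.0"',
    '198.51.100.4 - - [12/Mar/2024:10:02:00 +0000] "GET /subrion/upload/photo.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:03:10 +0000] "GET /subrion/upload/%72.pHaR?c=1 HTTP/1.1" 200 12 "-" "curl/8.0"',
    '198.51.100.4 - - [12/Mar/2024:10:04:00 +0000] "GET /subrion/index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_upload_execution(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status means the server returned a script-type file from the upload directory, which should have script handling denied in the web-server configuration.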