CMS Made Simple is a general-purpose content management system, like Joomla, WordPress, Drupal, etc. Here I will exploit CMS Made Simple version 2.2.5. I do this only as a web hacking lab exercise; CMS Made Simple had already reached version 2.2.15 when this article was written.
Here I have fuzzed the login page using OWASP ZAP and obtained a username and password.
username: root and password: 20002000
Next, we try to log in, and here I conclude that the file upload menu exists; it's just hidden by the developer.
I have also obtained the version of this CMS Made Simple install, namely 2.2.5, which is shown in the web footer.
Next, we will use the exploit that I obtained from Exploit-DB.
But we cannot just execute the exploit directly; my suggestion is to read the source code first. I have downloaded the exploit as Python source code.
Change the contents of the exploit script as in the example above. Once that is done, we continue by running the exploit with the command:
python nameexploit.py
We can see there is an error in the source code, as below.
The error reports that the list index is out of range. We'll check whether this line of the source code
return location.split(csrf_param + "=")[1]
has a usage error in Python 2 or not; here I will test with a simple script, as shown.
print "[+] String that is being split: " + location
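Why that line can raise "list index out of range", as an added example that is not part of the exploit script or the original article: split() returns a single-element list when the separator is absent from the string, so index [1] does not exist. The example is written in Python 3; the parameter name tok, the function names and the URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample redirect targets (not taken from the lab)
WITH_TOKEN = "http://lab.example/admin/index.php?tok=abc123"
WITH_EXTRA = "http://lab.example/admin/index.php?tok=abc123&section=files"
WITHOUT_TOKEN = "http://lab.example/admin/login.php"


def token_by_split(location, csrf_param):
    # Same expression as the line quoted above.
    return location.split(csrf_param + "=")[1]


def token_by_parsing(location, csrf_param):
    """Return the parameter's value, or None if the URL does not carry it."""
    values = parse_qs(urlsplit(location).query).get(csrf_param)
    return values[0] if values else None


def diagnose(location, csrf_param):
    """Run the split and report what happened instead of crashing."""
    try:
        return "ok: " + token_by_split(location, csrf_param)
    except IndexError:
        # The separator never occurred, so split() returned one element.
        return "IndexError: %r not found in %r" % (csrf_param + "=", location)


if __name__ == "__main__":
    for url in (WITH_TOKEN, WITH_EXTRA, WITHOUT_TOKEN):
        print("[+] String that is being split: " + url)
        print("    split   -> " + diagnose(url, "tok"))
        print("    parsing -> " + str(token_by_parsing(url, "tok")))
```

The error therefore says nothing about Python 2 versus Python 3; it says the string being split did not contain the expected parameter, which is why printing that string is the right first check.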
Note: I did not remove the credit of the author who wrote this script from Exploit-DB; I only added what was missing. This is only for learning. I am also still learning, and this tutorial is itself the result of that learning.