Subrion CMS Pentesting
Last modified: 2023-02-20
Subrion is a content management system (CMS).
File Upload to Reverse Shell (Credential Required)
1. Download Reverse Shell Payload
Get the PHP payload from php-reverse-shell. And change the file extension to '.phar'.
Then start a listener.
nc -lvnp 4444
2. Upload the Payload in Subrion Panel
Move to Content -> Uploads in Panel
Access to /subrion/upload/reverse-shell.phar
Now you get a shell.