GreenCMS is a free and open source CMS developed in PHP.
GreenCMS (2.3.0603) is vulnerable to a Sensitive Information Disclosure documented in CVE-2018-12604. Your mission is to find and exploit this vulnerability. The following username and passwords may be used to explore the application and/or find a vulnerability which might require authenticated access:
- Username: admin
- Password: password1
Level difficulty: Easy
Category: Webapps CVEs > Remote Code Execution
CVE-2018-12604 referse to an Information Disclosure vulnerability on GreenCMS version 2.3.0603 application.
In my case I was provided with the following application:
Following the exploit for CVE-2018-12604 (https://www.exploit-db.com/exploits/44922/) we will obtain the following informations from the public aviable directory listing: