Exfiltrated
80
Now trying a file upload vulnerability https://www.exploit-db.com/exploits/49876:
Our exiftool version is vulnerable to this exploit. Using the exiftool exploit Transfer the required files:
create a malicious image:
in /var/www/html/subrion/uploads
Lesson Learnt
Just because a script runs in cron and uses a specific binary it might not be tricking the script and might be about the version too
Last updated