Skip to content

Latest commit

 

History

History

Modify-theme-to-include-php-code

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
imgs
imgs
 
 
README.md
README.md
 
 
technique.json
technique.json
 
 

README.md

SweetRice - Modify theme to include PHP code

Requirements

  • A valid username and password of a user with admin rights on SweetRice.

Exploitation

Accessing the dashboard

Connect with a user with administrative rights on SweetRice at http://TARGET/as/.

Accessing the theme-editor

Now access the theme-editor in "Theme" at http://TARGET/as/?type=theme

Then edit the theme to add PHP code inside the page:

You can find reverse shell PHP payloads here: https://podalirius.net/en/articles/unix-reverse-shells-cheatsheet/#php

Enjoy your shell

Now, prepare your listener with netcat (nc -lvp <port>) [here we use pwncat] and enjoy your shell:

References