Arbitrary File Upload
The target Textpattern CMS instance on the 192.168.207.219 host supports file upload.
/Play/DriftingBlues6/3-Exploitation/attachments/{3CCE10A1-FF3A-4F60-AB2D-33514560DE99}.png)
/Play/DriftingBlues6/3-Exploitation/attachments/{1339D627-E0C7-4829-8763-888F43729CF3}.png)
Payload successfully uploaded.
┌──(kali㉿kali)-[~/PEN-200/PG_PLAY/driftingblues6]
└─$ curl -s http://$IP/textpattern/files/shell.phpInvoking the RevShells
/Play/DriftingBlues6/3-Exploitation/attachments/{BBF08FA2-4F1A-41FB-B8D6-00EB6A9CE9BA}.png)
Initial Foothold established to the driftingblues(192.168.207.219) host as the www-data account via arbitrary file upload.