Magento CE < 1.9.0.1 - (Authenticated) Remote Code Execution
- Configure the config section in the exploit.py source code.
- Set up a proxy configuration in config section if you're into that.
- Run the script:
    python3 exploit.py http://localhost/admin
- You'll get back a crappy webshell. Use this to get a real reverse shell. You may have to URL-encode your commands.
Note: If you enter a command and get back HTML, your cookie has timed out. Just run exploit.py again.