CVE-2017-12419
The target MantisBT instance appears to be likely be vulnerable to CVE-2017-12419
/Practice/Mantis_OffSec/3-Exploitation/attachments/{1EB3CB77-21A4-402C-9DEC-9C264E782C68}.png)
A vulnerability was found in MantisBT up to 2.5.2 (Bug Tracking Software). It has been rated as problematic. This issue affects an unknown part of the file admin/. The manipulation with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality.
Exploit
/Practice/Mantis_OffSec/3-Exploitation/attachments/{62FF5FD3-8FB0-4136-A4B3-B005682C8BB5}-1.png)
The author of the article included a repository to act as a rogue MySQL server to read files on the target system
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/mantis_offsec]
└─$ git clone https://github.com/allyshka/Rogue-MySql-Server ; cd Rogue-MySql-Server
Cloning into 'Rogue-MySql-Server'...
remote: Enumerating objects: 23, done.
remote: Counting objects: 100% (9/9), done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 23 (delta 7), reused 6 (delta 6), pack-reused 14 (from 1)
Receiving objects: 100% (23/23), 5.95 KiB | 5.95 MiB/s, done.
Resolving deltas: 100% (9/9), done.Cloning the repo to Kali