Based on the information gathered in our enumeration, we can see there are several paths to potentially exploit the target. We will focus on CVE-2012-1823.
This CVE appeared on nuclei, and also by checking the PHP version, we can see that there is a common exploit against this service.
Doing a quick google search we see the following:
Clicking on the Exploit-DB link we see the following:
Exploit-DB (Exploit Database) is a comprehensive archive of public exploits and corresponding vulnerable software, maintained by Offensive Security. It serves as a valuable resource for penetration testers, security researchers, and IT professionals, providing a centralized repository of known vulnerabilities, proof-of-concept code, and exploit scripts. The database is regularly updated with new entries and is freely accessible, allowing users to search for and download exploits based on various criteria such as software version, type of vulnerability, and platform.
We can also use the searchsploit command in our kali vm.
The searchsploit command is a powerful tool that allows users to search through the Exploit Database directly from the command line, enabling quick and efficient identification of relevant exploits and vulnerabilities for specific software versions and platforms. It streamlines the process of finding exploits by providing a local copy of the database that can be queried offline.
We are interested in the metasploit module as this can give us quick shell access to the target.