Forum Discussion

AtakanBal's avatar
AtakanBal
Icon for Bronze III rankBronze III
27 days ago

dotCMS Remote Code Execution (CVE-2022-26352)


Hi all, I completed all steps and got RCE, I thought I found the password but lab says its not valid. Please check the screenshots. Is it a lab error or..?

Thanks in advance

 

  • Hey AtakanBal

    I can share some guidance from our internal lab guide if this helps you at all? Have you tried running the 'env' command in the webshell? The answer should be within the DB_PASSWORD variable.

    Does that help at all? 

  • ChrisKershaw's avatar
    ChrisKershaw
    Icon for Community Support rankCommunity Support

    Hey AtakanBal

    I can share some guidance from our internal lab guide if this helps you at all? Have you tried running the 'env' command in the webshell? The answer should be within the DB_PASSWORD variable.

    Does that help at all?