Forum Discussion

Bronze III

9 months ago

Solved

dotCMS Remote Code Execution (CVE-2022-26352)

Hi all, I completed all steps and got RCE, I thought I found the password but lab says its not valid. Please check the screenshots. Is it a lab error or..?

Thanks in advance

help & support

offensive cyber

ChrisKershaw
9 months ago
Hey AtakanBal

I can share some guidance from our internal lab guide if this helps you at all? Have you tried running the 'env' command in the webshell? The answer should be within the DB_PASSWORD variable.

Does that help at all?

3 Replies

ChrisKershaw
Community Support
9 months ago
Hey AtakanBal

I can share some guidance from our internal lab guide if this helps you at all? Have you tried running the 'env' command in the webshell? The answer should be within the DB_PASSWORD variable.

Does that help at all?
- AtakanBal
  Bronze III
  9 months ago
  Ahh, Yes! Thank you.
TillyCorless
Community Manager
9 months ago
Hi AtakanBal thanks for asking on the community. I'll check this with the lab author and get back to you!

Forum Discussion

dotCMS Remote Code Execution (CVE-2022-26352)

3 Replies

Featured Places

Help & Support Forum

Related Content

FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs

FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs

Crisis Ready: Mastering the Design and Execution of Simulation for Real-World Resilience

New CTI Lab: Stealth Falcon (CVE-2025-33053) – WebDAV Server Remote Code Execution

Level Up Your Resilience: Planning and Executing Effective Cyber Drills with Immersive

Recent Discussions

AI: Plugin Injection - Demonstrate Your Skills

A Letter to Santa

Hack Your First Web App: Ep.6 - Hydra

GuardDuty: Demonstrate Your Skills

Infrastructure Hacking: Responder Network Poisoning