Forum Discussion

Bronze III

15 days ago

dotCMS Remote Code Execution (CVE-2022-26352)

Hi all, I completed all steps and got RCE, I thought I found the password but lab says its not valid. Please check the screenshots. Is it a lab error or..? Thanks in advance

help & support

offensive cyber

ChrisKershaw
10 days ago
Hey AtakanBal

I can share some guidance from our internal lab guide if this helps you at all? Have you tried running the 'env' command in the webshell? The answer should be within the DB_PASSWORD variable.

Does that help at all?

ChrisKershaw

Community Support

10 days ago

Hey AtakanBal

I can share some guidance from our internal lab guide if this helps you at all? Have you tried running the 'env' command in the webshell? The answer should be within the DB_PASSWORD variable.

Does that help at all?

AtakanBal
Bronze III
10 days ago
Ahh, Yes! Thank you.

Forum Discussion

dotCMS Remote Code Execution (CVE-2022-26352)

Related Content

FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs

Crisis Ready: Mastering the Design and Execution of Simulation for Real-World Resilience

New CTI Lab: CUPS Remote Code Execution Vulnerability – Defensive

Re: Cybersecurity Results Month

New CTI Labs: CVE-2024-0012 and CVE-2024-9474 (Palo Alto PAN-OS) – Offensive and Defensive

Recent Discussions

SuperSonic: Ep.6 – TEMPLE

Events & Breaches: Magecart Skimmer

Zeek - Demonstrate Your Skills

CVE-2022-29799/CVE-2022-29800 (Nimbuspwn) – Defensive

Foundational Static Analysis: Analyzing Structures