Forum Discussion

Advocate

1 year ago

Solved

dotCMS Remote Code Execution (CVE-2022-26352)

Hi all, I completed all steps and got RCE, I thought I found the password but lab says its not valid. Please check the screenshots. Is it a lab error or..? Thanks in advance

help & support

offensive cyber

ChrisKershaw
1 year ago
Hey AtakanBal

I can share some guidance from our internal lab guide if this helps you at all? Have you tried running the 'env' command in the webshell? The answer should be within the DB_PASSWORD variable.

Does that help at all?

ChrisKershaw

Community Support

1 year ago

Hey AtakanBal

I can share some guidance from our internal lab guide if this helps you at all? Have you tried running the 'env' command in the webshell? The answer should be within the DB_PASSWORD variable.

Does that help at all?

AtakanBal

Advocate

1 year ago

Ahh, Yes! Thank you.

Forum Discussion

dotCMS Remote Code Execution (CVE-2022-26352)

Featured Places

Help

Related Content

FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs

FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs

CVE-2018-16858 (LibreOffice Remote Code Execution)

Crisis Ready: Mastering the Design and Execution of Simulation for Real-World Resilience

CVE-2025-53770 - Unauthenticated Remote Code Execution via unsafe deserialization in Microsoft SharePoint Server

Recent Discussions

Jinja2 Pen test

PowerShell Basics: Demonstrate Your Skills

IoT & Embedded Devices: Certificate Underpinning

Modern Maze

Elastic Data Ingest: Demonstrate Your Skills Q9