Forum Discussion
Bronze IIWeb App Hacking (Lab series): CVE-2022-2143 (iView2)
Bluesman, I have been able to get this working with the help of support. Although the lab specifically provides the exploit to use in the payload, it does not appear to be accurate. (Even any additional articles/examples I found from y4er or others do not seem to include this)
The key is that the exploit payload must include the split command to extract the arguments that are comma separated. So {99,109,100})).split(\",\")).start(). This explains why a command like whoami, or some others that don't require arguments work fine, and why the error that we continued to get indicating "cmd,/c,xxxxxx" command not found seemed to be interpreted as the single name of a command.
Once you include this split in the payload, I think you will have luck with just comma separating the arguments discussed earlier. !!Don't forget to URL encode that space in type C:\token.txt!!
I hope that sheds a little light and helps you through this one!
J
Bronze IIIHi SamDickison
I haven't had time in the last few days... but yes, I hope to be able to complete this lab!.
Best regards,
Bronze IIIHi, SamDickison
Finally solved! :)
- SamDickison
Community Manager
Wonderful! Was it netcat's help or did you figure it out? I'm wondering if we can "Mark as Solution" on a particular reply to this thread.
- Bluesman
Specifically, I was able to complete this lab with the advice of JWhit101 on this thread, regarding split * (I believe that advice can be highlighted as "Mark As Solution").
* https://community.immersivelabs.com/discussions/help/web-app-hacking-lab-series-cve-2022-2143-iview2/2297/replies/2366
- SamDickison
Nice. When anyone clicks the Mark as Solution button it moves the post into the solved part of the forum so others with the same question can find it there.
I clicked it this time for simplicity :-)
