Day 9: Components with known vulnerabilities

@rrietwrites
2 min read · Jun 14, 2022

Please note: This is part nine of a 10-part series on the TryHackMe OWASP Top 10 room.

Web applications may be running on components with known vulnerabilities. In such cases, you may find documented exploits available online. A great place to find available exploits is exploit-db: https://www.exploit-db.com/

This challenge requires that we exploit an application that is vulnerable.

Searching exploit-db for vulnerabilities in online book store applications:

The result shows an existing exploit that allows for remote code execution.

You may also use the terminal to find exploits listed in exploit-db.

Use the command $ searchsploit component. In this case:

$ searchsploit online book store

From the results, we can also see an RCE exploit.

You can view more information about the exploit using $ searchsploit -m payload. The -m option copies the exploit to the current directory and shows information that includes the location where the exploit is stored on the host machine.

We can see it is stored at the path /usr/share/exploitdb/exploits/php/webapps/47887.py and copied to the home directory.

Check how to use/run the exploit:

Running the command gets us a remote shell on the server.
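From the defender's side, the same searchsploit lookup can drive patch prioritisation. The Python below is an added example, not part of the original walkthrough: it parses searchsploit's JSON output (-j) for a deployed component and ranks the public exploits it lists. The sample JSON, the priority rules and the function names are constructed for illustration, and the RESULTS_EXPLOIT, Title and EDB-ID keys are assumed from searchsploit's -j output.

```python
import json
import re
import subprocess

# Constructed sample of `searchsploit -j "online book store"` output. Only the
# 47887.py path comes from the walkthrough; titles and entry 00000 are made up.
SAMPLE_JSON = """
{"SEARCH": "online book store",
 "RESULTS_EXPLOIT": [
  {"Title": "Sample Book Store 1.0 - SQL Injection (constructed)",
   "EDB-ID": "00000",
   "Path": "/usr/share/exploitdb/exploits/php/webapps/00000.txt"},
  {"Title": "Sample Book Store 1.0 - Remote Code Execution (constructed)",
   "EDB-ID": "47887",
   "Path": "/usr/share/exploitdb/exploits/php/webapps/47887.py"}],
 "RESULTS_SHELLCODE": []}
"""

# Title patterns mapped to patch priority (hypothetical policy, tune per team).
# Word boundaries stop "rce" from matching inside words such as "source".
PRIORITY_RULES = [
    ("critical", re.compile(r"\b(remote code execution|rce|command execution)\b")),
    ("high", re.compile(r"\b(sql injection|authentication bypass|file upload)\b")),
]
RANK = {"critical": 0, "high": 1, "review": 2}


def classify(title):
    """Map an exploit title to a patch priority."""
    lowered = title.lower()
    for priority, pattern in PRIORITY_RULES:
        if pattern.search(lowered):
            return priority
    return "review"


def triage(component, searchsploit_json):
    """Return one finding per public exploit for a component, worst first."""
    results = json.loads(searchsploit_json).get("RESULTS_EXPLOIT", [])
    findings = [{"component": component, "edb_id": r.get("EDB-ID"),
                 "priority": classify(r.get("Title", ""))} for r in results]
    return sorted(findings, key=lambda f: RANK[f["priority"]])


def audit(component):
    """Query the local exploit-db copy; needs searchsploit on PATH."""
    out = subprocess.run(["searchsploit", "-j", component],
                         capture_output=True, text=True).stdout
    return triage(component, out)
```

On a machine with searchsploit installed, audit("online book store") runs the live lookup; triage("online book store", SAMPLE_JSON) works offline on the constructed sample.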


@rrietwrites is a cybersecurity researcher who also enjoys conversations on personal finance, lifestyle, mental health and human psychology