Day 9: Components with known vulnerabilities
Please note: This is part nine of a 10-part series on the TryHackMe OWASP Top 10 room.
Web applications may be running on components with known vulnerabilities. In such cases, you may find documented exploits available online. A great place to find available exploits is exploit-db: https://www.exploit-db.com/
This challenge requires that we exploit an application that is vulnerable.
Searching exploit-db for vulnerabilities in online book store applications:
The result shows an existing exploit that allows for remote code execution.
You may also use the terminal to find exploits listed in exploit-db.
Use the command $ searchsploit component. In this case:
$ searchsploit online book store
From the results, we can also see an RCE exploit.
You can view more information about the exploit using $ searchsploit -m payload. The -m option mirrors (copies) the exploit into the current working directory and shows information that includes the location where the exploit is stored on the host machine.
We can see it is stored at the path /usr/share/exploitdb/exploits/php/webapps/47887.py and has been copied to the home directory.
Check how to use/run the exploit:
Running the command gets us a remote shell on the server.
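The same searchsploit lookup is useful from the defender's side, run against your own component inventory. The following is an added example, not part of the original walkthrough: it triages JSON shaped like the output of searchsploit -j and ranks matching public exploits so the worst are patched first. The sample data, the assumed keys (RESULTS_EXPLOIT, Title, EDB-ID, Path) and the function names classify and triage are assumptions of this example.

```python
import json
import re
from pathlib import PurePosixPath

# Constructed sample shaped like `searchsploit -j online book store` output.
# Assumption: results sit under RESULTS_EXPLOIT with Title, EDB-ID and Path keys.
# Titles and the 00001/00002 IDs are placeholders; 47887 is the ID shown above.
SAMPLE_JSON = """
{"SEARCH": "online book store", "RESULTS_EXPLOIT": [
  {"Title": "Online Book Store 1.0 - Remote Code Execution (constructed)",
   "EDB-ID": "47887", "Path": "/usr/share/exploitdb/exploits/php/webapps/47887.py"},
  {"Title": "Online Book Store 1.0 - SQL Injection (constructed)",
   "EDB-ID": "00001", "Path": "/usr/share/exploitdb/exploits/php/webapps/00001.txt"},
  {"Title": "Other Store 2.3 - Denial of Service (constructed)",
   "EDB-ID": "00002", "Path": "/usr/share/exploitdb/exploits/windows/dos/00002.c"}
]}
"""

# Higher score = patch sooner. Word boundaries stop "rce" matching "source".
SEVERITY = [(r"remote code execution|\brce\b", 3),
            (r"sql injection|\bsqli\b", 2),
            (r"denial of service|\bdos\b", 1)]

def classify(title):
    """Score an exploit title by the impact class named in it (0 = unknown)."""
    return max((s for pat, s in SEVERITY if re.search(pat, title, re.I)), default=0)

def triage(raw_json, component, version):
    """Return public-exploit findings for component+version, worst first."""
    findings = []
    for entry in json.loads(raw_json).get("RESULTS_EXPLOIT", []):
        title = entry.get("Title", "")
        # searchsploit matches loosely, so require both name and version in the title.
        if component.lower() not in title.lower() or version not in title:
            continue
        # Path layout seen above: .../exploits/<platform>/<type>/<id>.<ext>
        parts = PurePosixPath(entry.get("Path", "")).parts
        idx = parts.index("exploits") if "exploits" in parts else -1
        known = 0 <= idx < len(parts) - 3
        findings.append({"edb_id": entry.get("EDB-ID"), "title": title,
                         "platform": parts[idx + 1] if known else "?",
                         "type": parts[idx + 2] if known else "?",
                         "severity": classify(title)})
    return sorted(findings, key=lambda f: f["severity"], reverse=True)

if __name__ == "__main__":
    for f in triage(SAMPLE_JSON, "Online Book Store", "1.0"):
        print(f"[sev {f['severity']}] EDB-{f['edb_id']} "
              f"{f['platform']}/{f['type']}: {f['title']}")
```

Any hit with a non-zero severity means the deployed version has a published exploit and should be upgraded or taken offline until it is.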