Back to directory

WRITEUP #2733

Hacking a Bank by Finding a 0day in DotCMS

RCEDirectory traversalUnrestricted file upload

by@infosec_au(Shubham Shah)

Program

-

Published

May 3, 2022

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://blog.assetnote.io/2022/05/03/hacking-a-bank-using-dotcms-rce/

▸ RELATED WRITEUPS

Hitting the jackpot with RCE!

RCEUnrestricted file upload

Traccar 5 Remote Code Execution Vulnerabilities

RCEUnrestricted file upload

Vulnerabilities in Open Source C2 Frameworks

RCEOS command injection

[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package

RCEDependency confusion

Attacking PowerShell CLIXML Deserialization

DeserializationInsecure deserialization

Built with ❤️ by Shubham Rawat