HTB Sea Walkthrough: Exploiting XSS in WonderCMS for System Access
🌊💻 This walkthrough of the Sea machine on Hack The Box covers its key vulnerabilities. Sea, categorized as easy, runs WonderCMS with a critical cross-site scripting (XSS) vulnerability (CVE-2023-41425) that allows malicious module uploads and system access. The walkthrough details the exploitation process, starting with an Nmap scan to identify open ports and services, followed by web enumeration to uncover sensitive files. The author executes a proof of concept to gain a reverse shell, then escalates privileges to access the user and root flags. The write-up emphasizes the importance of securing web applications against such vulnerabilities and presents the exploitation process for educational purposes.
