Exploiting Docker Container with E-Commerce Website

We demonstrated gaining root access to a docker container running a web server with an SQL database. We started off by exploiting a reflected XSS vulnerability in the website that is running an e-commerce marketplace. This enabled us to proceed and gain administrative access to the admin account where we discovered an SQL injection that let us go further and reveal the database records. We used the records to login as SSH and perform privilege escalation by exploiting the wild card in the archiving tool tar which eventually landed us in a docker container. By mounting the root file system to a container of our choice, we were able to extract the root flag. This was part of TryHackMe The Marketplace.

Get OSCP Notes

Room Answers

What is flag 1?

What is flag 2? (User.txt)

What is flag 3? (Root.txt)

Video Walkthrough

Dockers, tryhackme, TryHackMe The Marketplace

Show Comments

MasterMind Study Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles

Exploiting Docker Container with E-Commerce Website | TryHackMe The Marketplace

Leave a Reply Cancel reply

MasterMind Study Notes

About the Author

Press ESC to close

Exploiting Docker Container with E-Commerce Website | TryHackMe The Marketplace

Leave a Reply Cancel reply

MasterMind Study Notes

About the Author

Share Article:

You might also like

Penetration Testing 101 | TryHackMe Pentesting Fundamentals

HackTheBox EvilCUPS Walkthrough | Exploiting Linux CUPS Printers

Windows Forensics With Autopsy & Registry Explorer | TryHackMe Unattended