11.7.6
Find a readable database configuration and read the password. The user we exploited in the XSS was not an administrator of the application. Use the database password to elevate the privileges of the “viewer” user to administrator and reset the password so that you can log in. The openITCOCKPIT application allows administrative users to create custom commands. Using an administrator’s account, find and “exploit” this feature.
