OFFSEC - Proving Grounds - ERP
OFFSEC PG PRACTICE
WEBERP
INOERP
SSH REMOTE PORT FORWARD
MONITORR
webERP runs on port 80 with weak credentials. A SQL injection (CVE-2019-13292) reveals the inoERP application, which is exploited for www-data access. SSH forwarding to port 8443 uncovers Monitorr 1.7.6, which we can exploit for root.