Re: Multiple SQL injection vulnerabilities in dotCMS (8x CVE)

Posted by Elar Lang on Nov 02

Public response also:

#1 I tested it during one pen-test case in December 2015. Exact
version was 3.2.1. I haven’t set up this environment myself.

At the moment I used “Google Hacking” to find some dotCMS.
Use the search phrase inurl:/html/portal/login.jsp

From the login page you can see what the current version on this site is,
change the path to /categoriesServlet and you probably can see the output
like I described in my blog post. I…
