HTB DevArea Complete Writeup - CVE-2022-46364 Apache CXF LFI & HoverFly RCE

A comprehensive penetration testing guide exploiting Apache CXF XOP/MTOM file inclusion, HoverFly middleware command injection, and a world-writable /bin/bash privilege escalation to achieve full root compromise.

March 30, 2026 • views • 17 min read • 2,527 words

Havoc

hackthebox 19 htb 23 linux 7 cve-2022-46364 cve-2022-46363 apache-cxf xop-mtom lfi 2 local-file-inclusion soap jar-analysis cfr-decompiler hoverfly jwt-authentication middleware-injection rce 4 command-injection ftp-enumeration anonymous-ftp reverse-shell 3 privilege-escalation 10 world-writable-binary suid-exploitation sudo-abuse 2 bash-replacement nmap 5 season10 3 medium-difficulty 3

🔒 Content Locked

This writeup is password-protected to comply with HTB rules.

📧 Need access? Enter the password.

HTB DevArea Complete Writeup - CVE-2022-46364 Apache CXF LFI & HoverFly RCE

🔒 Content Locked

☕ Support My Work

Comments

🔒 Content Locked

☕ Support My Work

Related Articles

HTB VariaType Complete Writeup — CVE-2025-66034 & Font Exploitation

HTB Kobold Complete Writeup — CVE-2026-23744 MCP Inspector RCE & Docker Escape

CCTV HackTheBox Writeup — Season 10 Linux Machine Walkthrough

Conversor Hack The Box Writeup & Walkthrough (XSLT Injection, Linux PrivEsc)

Comments