CVE Hunting by @c0nqu3ror

Owasp
September 11, 2021


Transcript

  1. Whoami?
    • I am Suraj Bhosale and I go online by the alias @c0nqu3ror
    • Application Security Mentor @eClinicalWorks Pvt Ltd
    • Bug hunter @hackerone @synack
    • I focus on Web application, API and Network VAPT.
  2. Agenda
    • CVE Overview
    • How to Get CVE IDs
    • Approach
    • Hints for CVE Hunting
    • Questions and Answers
  3. CVE Overview
    • Common Vulnerabilities and Exposures (CVE) is a database of publicly disclosed information security issues.
    • CVE provides a convenient, reliable way for vendors, enterprises, and all other interested parties to exchange information about cyber security issues.
    • Enterprises typically use CVE, and corresponding CVSS scores, for planning and prioritization in their vulnerability management programs.
    Example CVE ID: CVE-2021-28294
  4. How to Get CVE IDs
    • You have identified a new or previously unassigned vulnerability in any product.
    • You have attempted to contact the vendor/developer of the affected product.
      1. If the vendor is a CNA: they will assign the CVE ID for you.
      2. If the vendor is not a CNA: to verify whether the issue has already been reported or if another CVE ID has already been assigned for the issue. https://cveform.mitre.org/
  5. How to Get CVE IDs
    • If you are working with a Coordination Center (like CERT/PSIRT), they will direct you to contact CVE at the right time.
    • The vulnerability does not have to be public before you request a CVE ID, but it does need to be public to be included in the CVE List.
  6. Approach
    • Find a vulnerability in a product.
    • Send a request to the vendor with responsible disclosure.
    • Publish your exploit on your blog or by sending an email to [email protected] (exploit-db)
    • Share the published link with CVE MITRE.
    • Follow up after 48 hrs.
  7. Hints for CVE Hunting
    • Content Management Systems (CMS)
      1) WordPress
      2) Joomla
      3) Drupal
      4) Magento (e-commerce)
    • Product web portals (Wi-Fi router, network firewall, etc.)
    • Finding products on exploit-db
    • Finding products on CVE MITRE.