CVE Hunting by @c0nqu3ror

Slide 1

Slide 1 text

Getting Your First CVE OWASP DKTE

Slide 2

Slide 2 text

Whoami? • I am Suraj Bhosale and I go online by the alias @c0nqu3ror • Application Security Mentor @eClinicalWorks Pvt Ltd • Bug hunter @hackerone @synack • I focus on Web application, API and Network VAPT.

Slide 3

Slide 3 text

Agenda • CVE Overview • How to Get CVE IDs • Approach • Hints for CVE Hunting • Questions and Answers

Slide 4

Slide 4 text

CVE Overview • Common Vulnerabilities and Exposures (CVE) is a database of publicly disclosed information security issues. • CVE provides a convenient, reliable way for vendors, enterprises, and all other interested parties to exchange information about cyber security issues. • Enterprises typically use CVE, and corresponding CVSS scores, for planning and prioritization in their vulnerability management programs. Example CVE ID : CVE-2021-28294

Slide 5

Slide 5 text

How to Get CVE IDs • You have identified a new or previously unassigned vulnerability in any product. • You have attempted to contact the vendor/developer of the affected product. 1. If the vendor is a CNA: they will assign the CVE ID for you. 2. If the vendor is not a CNA: to verify whether the issue has already been reported or if another CVE ID has already been assigned for the issue. https://cveform.mitre.org/

Slide 6

Slide 6 text

How to Get CVE IDs • If you are working with a Coordination Center (like CERT/PSIRT), they will direct you to contact CVE at the right time. • The vulnerability does not have to be public before you request a CVE ID, but it does need to be public to be included in the CVE List.

Slide 7

Slide 7 text

Approach • Find a vulnerability in a product. • Request to Vendor with Responsible Disclosure. • Publish your exploit on your blog or by sending an email to [email protected] (exploit-db) • Share the published link to CVE Mitre. • Take a follow-up after 48 hrs.

Slide 8

Slide 8 text

Hints For CVE Hunting • Content Management System(CMS) 1) Wordpress 2) Joomla 3) Drupal 4) Magento (e-commerce) • Product Web Portal(Wifi router, Network Firewall etc) • Finding products on exploit-db • Finding products on CVE Mitre.