Week 36 - CVE Submission

Last updated 2 years ago

After a few of you reached out, I wanted to make this week’s web hacking tip on how to find CVEs and what to do when you discover one. So, let’s get into it!

First, you need to locate software that runs on-premises at organizations rather than in the cloud. To do this you have to research. You can find giant lists of this all over the web, and it’s helpful if you pick a certain type of software to target (CMS, project management software, etc.). Saasworthy[.]com is a useful website for filtering by software that runs on-prem (link below). I also suggest you target the worst-reviewed software. In all my testing, I’ve discovered an absolute truth: if a company does not invest in its application’s design, it also does not invest in its security.

Now that you have a target, I highly recommend looking for a specific vulnerability class depending on your level of comfort and expertise. Cross-Site Scripting is a good way to go, or SQLi if you’re comfortable enough with it. Try to sign up for a free trial of the software, access a demo, or find open-source code. If you have more ideas on how to get access, let me know in the comments. BUT PLEASE REMEMBER TO ONLY TEST APPS WITH EXPLICIT PERMISSION FROM THE OWNER.

So, you’ve finally discovered your CVE! After searching online and determining it wasn’t already discovered/reported, submit your finding to MITRE through the CVE request form (links below). Now you will have to wait approximately 30 days for a response. If it’s accepted, they will provide a simple response like “Use CVE-XXXX-XXXXX”. At this point, I was super confused, because I didn’t know how to use a CVE number. But after some research, I found that I needed to publicize the vulnerability before it would be posted on MITRE. CXSecurity[.]com was the fastest to publicize my CVE (it took less than a day), so I recommend going to them first. You can also use PacketStorm or Exploit-DB if you choose.

After one of these companies posts your vulnerability, you need to go back to the MITRE form and select the ‘Notify CVE about a publication’ option. Then simply provide the link to CXSecurity/PacketStorm/Exploit-DB and wait. It took about a day for MITRE to accept my publication and post the CVE! Once MITRE posts your CVE on cve[.]mitre[.]org it will take about a day to post on cvedetails[.]com, since cvedetails updates its records daily based upon MITRE.

By the way, please reach out to the software vendor before publicizing your CVE. After all, we are in cyber security to help companies rather than criminals. I hope this was a helpful overview and inspires some of you to find a CVE!

https://www.saasworthy.com/list/on-premise-project-management-software?page=2
https://www.cve.org/ResourcesSupport/ReportRequest#RequestCVEID
https://cveform.mitre.org/