You get a CVE, he gets a CVE, you all get CVEs

CVEs = Clout?

Yoo. Welcome to Issue #04 of Navigating Security.

šŸƒQuote of the week:

Job security = being very good at your job and being valuable and wanted everywhere. Have that group of peers who can give you a job tomorrow. That is real job security.

TLDWTR 🙄

  • Web Cache Deception vs Web Cache Poisoning

  • The best way to find CVEs at the moment - GitHub dorking?

  • CVE-2023-31036: Arbitrary file upload to RCE

  • Customer-focused products - trying to escape the rat race 🐀

  • Some mobile security labs

ā±ļø Incase you missed the previous issue, here you go:

This Week's YouTube Video:

Web Cache Deception vs Web Cache Poisoning

CVE hunting at scale ⚖️

If you want some hacker clout you either need a popping HackerOne (h1) profile, a couple of cool CVEs, or to know how to do binary exploitation. Florian describes what he thinks is the best way to go about CVE hunting at the moment: GitHub dorking, i.e. searching GitHub code for patterns that tend to mark a dangerous sink (unsafe deserialization, shell execution built from input, and so on) and then checking whether the hit is reachable from untrusted data. He also describes how you could scale this method to cover a lot more repos. He's gotten a couple of CVEs using this method and I'm pretty sure you can too.

One thing he didn't mention is automation tools that already do some of the same searching, like GitDorker. But obviously, if a stock tool with a stock dork list found the same things, these vulnerabilities would have been found already, right? That's where customization comes in: develop your own payloads and templates that you can spray across different targets, kinda like Nuclei does for web targets. Keep in mind that a dork hit is a candidate, not a CVE; you still have to confirm that attacker-controlled input actually reaches the sink before you write it up.
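To make the "own templates" idea concrete, here is an added example (not code from the newsletter, from GitDorker or from Nuclei) of a small rule engine: each dork is a regex plus an optional refinement that throws away obvious false positives, and the rules are sprayed over a pile of source files. The GitHub search strings and the sample "repo" contents are constructed for the demo; in practice you would use the search string to find candidate repos, clone them, and run the scanner locally.

```python
"""Rule-based source scanner in the spirit of GitHub dorking (added example)."""
import re
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Dork:
    name: str
    # What you would paste into GitHub code search to find candidate repos
    # (constructed for the example).
    github_query: str
    # Regex applied line by line to the cloned sources.
    pattern: re.Pattern
    # Optional refinement: return False to drop a raw regex hit.
    refine: Optional[Callable[[str], bool]] = None


def _yaml_load_without_safe_loader(line: str) -> bool:
    # yaml.load() is only interesting when no SafeLoader is passed.
    return "SafeLoader" not in line


DORKS = [
    Dork("pickle-deserialize", '"pickle.loads(" language:python',
         re.compile(r"\bpickle\.loads?\(")),
    Dork("yaml-load", '"yaml.load(" language:python',
         re.compile(r"\byaml\.load\("), _yaml_load_without_safe_loader),
    Dork("shell-true", '"shell=True" language:python',
         re.compile(r"subprocess\.\w+\(.*shell\s*=\s*True")),
    Dork("eval-input", '"eval(" language:python',
         re.compile(r"\beval\(")),
]


def scan(files: dict, dorks: list) -> list:
    """Return (path, line_no, dork_name, line) for every surviving hit.

    `files` maps a relative path to the file's text, so the same function
    works on a real clone once you read the files in.
    """
    hits = []
    for path, text in files.items():
        for n, line in enumerate(text.splitlines(), start=1):
            stripped = line.strip()
            if stripped.startswith("#"):
                continue  # comments are the most common false positive
            for d in dorks:
                if d.pattern.search(line) and (d.refine is None or d.refine(line)):
                    hits.append((path, n, d.name, stripped))
    return hits


# Constructed sample repository: one safe yaml.load, one commented-out
# pickle.loads, and three genuine candidates.
SAMPLE_REPO = {
    "app/config.py": (
        "import yaml\n\n"
        "def load(p):\n"
        "    with open(p) as f:\n"
        "        return yaml.load(f, Loader=yaml.SafeLoader)\n"
    ),
    "app/cache.py": (
        "import pickle\n\n"
        "def restore(blob):\n"
        "    # pickle.loads(blob) used to live here\n"
        "    return pickle.loads(blob)\n"
    ),
    "tools/run.py": (
        "import subprocess\n\n"
        "def run(cmd):\n"
        "    return subprocess.check_output(cmd, shell=True)\n"
    ),
    "lib/expr.py": "def calc(s):\n    return eval(s)\n",
}


if __name__ == "__main__":
    for path, n, name, line in scan(SAMPLE_REPO, DORKS):
        print(f"{path}:{n} [{name}] {line}")
```

The refinement hook is where the customization Florian talks about lives: the regex is cheap and noisy, the refinement encodes what you have learned about which hits are worth a manual look. Swap in your own `Dork` entries for the sinks you are hunting.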

CVE-2023-31036: Arbitrary file upload to RCE 🦇

This was a neat find. It made Protect AI's top bugs for February and the month of February isn't even over lol. The model-management API of NVIDIA's Triton Inference Server is vulnerable to path traversal, which lets a client write a file to an arbitrary location on the server. The researcher overwrote the root user's .bashrc, which runs whenever root starts an interactive bash shell, and obtained a shell. Simple and neat. Worth noting for anyone checking their own deployments: the vulnerable code path is only reachable when the server is started in the non-default explicit model-control mode, which is what exposes the model load API.
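The bug class here is a server-side write whose destination is built from a client-supplied path. As an added example (not Triton's code, and not the researcher's exploit), the snippet below shows the naive join that lets `../` or an absolute path escape the intended directory next to a containment check that rejects it. The directory layout and file names are made up.

```python
"""Path-traversal check for a file-writing API (added example, not Triton's code)."""
import os
import tempfile


def vulnerable_target(base: str, user_path: str) -> str:
    # Naive join: "../../root/.bashrc" walks out of `base`, and an absolute
    # user_path replaces `base` entirely because os.path.join discards
    # everything before an absolute component.
    return os.path.join(base, user_path)


def safe_target(base: str, user_path: str) -> str:
    """Resolve the requested path and refuse anything outside `base`.

    realpath() collapses `..` and follows symlinks, so the containment
    check is made on the path that would actually be opened, not on the
    string the client sent.
    """
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, user_path))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError(f"path escapes model repository: {user_path!r}")
    return candidate


def escapes_base(base: str, user_path: str) -> bool:
    """True if the containment check would have rejected `user_path`."""
    try:
        safe_target(base, user_path)
    except ValueError:
        return True
    return False


def demo() -> dict:
    """Run the check against a throwaway 'model repository' (constructed)."""
    with tempfile.TemporaryDirectory() as repo:
        os.makedirs(os.path.join(repo, "resnet", "1"))
        return {
            "normal": escapes_base(repo, "resnet/1/model.onnx"),
            "dotdot": escapes_base(repo, "../../root/.bashrc"),
            "absolute": escapes_base(repo, "/root/.bashrc"),
            "sneaky": escapes_base(repo, "resnet/../../outside.txt"),
        }


if __name__ == "__main__":
    for case, rejected in demo().items():
        print(f"{case:9} rejected={rejected}")
    print("naive join gives:",
          os.path.normpath(vulnerable_target("/srv/models", "../../root/.bashrc")))
```

The point of resolving with `realpath` before comparing is that string filters for `..` are easy to get wrong; comparing the resolved path against the resolved base rejects the traversal, the absolute path, and the "sneaky" mixed case with one rule. If your upload handler also has to tolerate symlinks inside the repository, decide explicitly whether a symlink pointing outside the base is acceptable, because `realpath` will follow it and the check will (correctly) reject it.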

Customer-focused products 🚀

I constantly ponder what sort of product or brand I could build that could potentially allow me to escape the rat race. If something allows you to make that much money then it obviously serves the customer well enough for there to be demand. Before watching this video, any product idea I had was 'founder focused', without even questioning whether there is demand - can it sell, can it scale?

This approach is flawed. The better approach seems to be to try to sell first, to test whether a service or product is viable, and then scale from there. Now, not how…

Mobile Security 📱

I'll be going over some of the content by the folks over at MobileHackingLab over the next few weeks. Reviews and lab walkthroughs will be made, so watch out for that. For now, if you're into mobile security or have done some of their labs, hmu plz.

Suggestions

Hit me up on Discord or LinkedIn if you have anything you feel would be cool to include. Thanks, Cheers.