You get a CVE, he gets a CVE, you all get CVEs
CVEs = Clout?
Yoo. Welcome to Issue #04 of Navigating Security.
Quote of the week:
Job security = being very good at your job and being valuable and wanted everywhere. Have that group of peers who can give you a job tomorrow. That is real job security
TLDWTR
Web Cache Deception vs Web Cache Poisoning
The best way to find CVEs at the moment - Github dorking?
CVE-2023-31036: Arbitrary file upload to RCE
Customer-focused products - trying to escape the rat race
Some mobile security labs
In case you missed the previous issue, here you go:
This Week's YouTube Video:
Web Cache Deception vs Web Cache Poisoning
CVE hunting at scale
If you want some hacker clout you either need to have a popping h1 profile, a couple of cool CVEs, or know how to do binary exploitation. Florian describes what he thinks is the best way to go about CVE hunting at the moment: GitHub dorking. He also describes how you could potentially scale this method to cover a lot more repos. He's gotten a couple of CVEs using this method and I'm pretty sure you can too.
One thing he didn't mention is automation tools that do some of the same tasks, things like gitdorker. But obviously, if gitdorker did the same thing then these vulnerabilities would have been found already, right? That's where customization comes in. Develop your own payloads and templates that you can spray on different targets, kinda like Nuclei.
CVE-2023-31036: Arbitrary file upload to RCE
This was a neat find. It made ProtectAI's top bugs for February and the month of February isn't even over lol. The API interface for Triton is vulnerable to path traversal, allowing any file to be overwritten. The .bashrc file for the root user was overwritten and a shell was obtained. Simple and neat.
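The bug class behind this CVE, seen from the defensive side, as an added example that is not from the write-up or from Triton's own code base: a containment check for client-supplied upload names, where `resolve_upload_path`, `is_contained` and the `uploads` root directory are assumed names for illustration.

```python
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a client-supplied file name would land outside the upload root."""


def resolve_upload_path(upload_root: str, client_name: str) -> Path:
    """Map a client-supplied file name to a path strictly inside upload_root.

    The vulnerable pattern is an upload API that joins the raw name onto a base
    directory, so "../" segments walk out of it and can reach files such as
    /root/.bashrc. This helper canonicalises both sides and refuses anything
    that does not stay under the root. The name is assumed to be fully
    URL-decoded already; decode before calling, never after.
    """
    root = Path(upload_root).resolve()
    if not client_name:
        raise PathTraversalError("empty file name")
    name = Path(client_name)
    # Absolute input would replace the root when joined (root / "/etc/x" == "/etc/x").
    if name.is_absolute():
        raise PathTraversalError(f"absolute path rejected: {client_name!r}")
    # Reject traversal segments up front; pathlib already drops "." components.
    if any(part == ".." for part in name.parts):
        raise PathTraversalError(f"traversal segment rejected: {client_name!r}")
    # resolve() also follows symlinks, so a link planted inside the root that
    # points outside it is caught by the containment check below.
    candidate = (root / name).resolve()
    try:
        rel = candidate.relative_to(root)
    except ValueError as exc:
        raise PathTraversalError(f"escapes upload root: {client_name!r}") from exc
    if rel == Path("."):
        raise PathTraversalError("file name resolves to the upload root itself")
    return candidate


def is_contained(upload_root: str, client_name: str) -> bool:
    """Boolean form of resolve_upload_path, handy for request validation."""
    try:
        resolve_upload_path(upload_root, client_name)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    # Constructed sample names: one legitimate model file, two traversal attempts.
    for name in ("models/resnet/1/model.plan", "../../root/.bashrc", "/etc/passwd"):
        print(f"{name!r:32} -> {'ok' if is_contained('uploads', name) else 'REJECTED'}")
```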
Customer-focused products
I constantly ponder what sort of product or brand I could build that could potentially allow me to escape the rat race. If something allows you to make that much money then it obviously serves the customer well enough for there to be demand. Before watching this video, whatever product idea I had would be "founder focused" without even questioning whether there is demand - can it sell, can it scale?
This approach is flawed; it seems the better approach is to sell first to test whether a service or product is viable, then move on from there. Try to sell your idea first to test the market out and scale from there. Now, not how…
Mobile Security
I'll be going over some of the content by the folks over at MobileHackingLab over the next few weeks. Reviews and lab walkthroughs will be made so watch out for that. For now, if you're into mobile security or have done some of their labs, hmu plz.
Suggestions
Hit me up on Discord or LinkedIn if you have anything you feel would be cool to include. Thanks, Cheers.