"Yesterday, I pointed out that the National Vulnerability Database has not only failed to perform one of its most important jobs – adding CPE names to all new CVE records, a process called “enrichment” – this year, but they put an exclamation point on that record during the last two weeks of the year (ending yesterday 12/30) when they only added 15 of the 1,181 CPEs they should have added during that period. This means that, during those two weeks, they were only operating at a rate of 1%, vs. 45% in the previous 50 weeks (even 45% is abysmal, but it’s 45 times better than 1%, if my math is correct)." (quoting Tom Alrich from the link below) National Institute of Standards and Technology (NIST), is there _any_ way that you could clearly, and continuously, communicate with the industry on how NVD is doing instead of leaving it to everybody to figure it out? https://lnkd.in/ek2JGBbG
Neil Carpenter’s Post
More Relevant Posts
-
Lab 6 Completed on File Path Traversal: Null Byte Bypass ✅
Just completed another fascinating lab! This time, I bypassed a flawed file extension validation mechanism using a null byte injection. Here's a breakdown of my approach:
1️⃣ Analyzed File Extension Validation: Observed that the server restricted file uploads or access to specific extensions like .png or .jpg.
2️⃣ Identified the Weakness: Found that the application only checked the file extension at the end of the input, without properly sanitizing the entire path.
3️⃣ Exploited with Null Byte Injection: Appended a null byte (%00) after a malicious payload, such as /etc/passwd%00.png, to bypass the file extension check.
4️⃣ Verified Exploitation: Successfully retrieved the sensitive /etc/passwd file, confirming the vulnerability.
5️⃣ Completed the Challenge: Extracted the required data to complete the lab.
This lab underscored the dangers of incomplete input validation, especially when relying solely on file extensions for security. A key takeaway is to implement stricter checks at the server level, ensuring all inputs are sanitized and validated comprehensively!
Lab: File path traversal, validation of file extension with null byte bypass | Web Security Academy
portswigger.net
-
Lab 5 Completed on File Path Traversal: Validate Start of Path ✅
Another intriguing lab completed! This time, I bypassed a flawed validation mechanism intended to enforce safe file paths. Here's a breakdown of how I solved it:
1️⃣ Analyzed Input Validation: Tested various inputs and noticed the server only validated the start of the file path.
2️⃣ Identified the Weakness: Realized the application was not validating the entire file path but only the initial prefix.
3️⃣ Crafted a Payload: Used a traversal sequence such as /safe-folder/../../etc/passwd to navigate out of the restricted directory and access sensitive files.
4️⃣ Verified Exploitation: Successfully retrieved the /etc/passwd file, proving the server’s validation mechanism was inadequate.
5️⃣ Completed the Challenge: Extracted the required data to complete the lab.
This lab emphasized the importance of properly validating file paths, including their entirety, to prevent directory traversal attacks. A great reminder to implement robust server-side input handling mechanisms!
Lab: File path traversal, validation of start of path | Web Security Academy
portswigger.net
-
A vulnerability was found in PuTTY that shows how unintuitive cryptographic problems can be. What happened was that instead of the 521 random bytes needed for ECDSA, only 512 random bytes were generated and padded with zeroes (most likely through the reuse of legacy code). For most people, 512 instead of 521 doesn't sound all that bad, and this is true for most of the algorithms in PuTTY. In the case of ECDSA P521, through some modulo math, the effect is unfortunately, and against intuition, that the bug almost completely invalidates the security properties of the algorithm (about 60 captured signatures are enough to calculate the private key). Details and some hints at the math involved can be found at the PuTTY website: https://lnkd.in/ewmypw_T
PuTTY vulnerability vuln-p521-bias
chiark.greenend.org.uk
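To make the "512 vs. 521" point concrete, here is an added example (my own code, not PuTTY's) that mirrors the defect schematically: the nonce k for a 521-bit group is taken from a 512-bit hash output and zero-padded, so its top 9 bits are always zero, while a fixed derivation hashes to well over 521 bits before reducing mod n. The fixed variant is a simplified stand-in for the RFC 6979 approach, not the actual PuTTY patch; the P-521 group order is the public curve constant.

```python
import hashlib
import secrets

# Order n of the NIST P-521 group (public constant from SEC 2), 521 bits long
N_P521 = int("01" + "F" * 65
             + "A51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", 16)


def flawed_nonce(secret: bytes, msg: bytes) -> int:
    """Schematic of the bug: a 512-bit digest is used as the 521-bit nonce,
    so k < 2^512 and the top 9 bits of k are always zero."""
    digest = hashlib.sha512(secret + msg).digest()  # 64 bytes = 512 bits
    padded = b"\x00" * 2 + digest                   # zero-pad to 66 bytes (528 bits)
    return int.from_bytes(padded, "big")


def fixed_nonce(secret: bytes, msg: bytes) -> int:
    """Assumed simplified fix: derive 640 bits, then reduce mod n. The 119 surplus
    bits make the mod-n bias negligible (real implementations use RFC 6979)."""
    material = b"".join(hashlib.sha512(secret + msg + bytes([i])).digest() for i in (0, 1))
    k = int.from_bytes(material[:80], "big") % N_P521   # 80 bytes = 640 bits
    return k or 1  # k must be non-zero; k == 0 is astronomically unlikely


def leading_zero_bits(k: int, order_bits: int = 521) -> int:
    """How many of the top bits of a nonce are fixed at zero (the exploitable bias)."""
    return order_bits - k.bit_length()


def bias_survey(samples: int = 256) -> dict:
    """Compare the minimum leading-zero count over many random messages:
    the flawed generator never drops below 9, the fixed one reaches 0."""
    secret = secrets.token_bytes(32)
    flawed = [leading_zero_bits(flawed_nonce(secret, secrets.token_bytes(16))) for _ in range(samples)]
    fixed = [leading_zero_bits(fixed_nonce(secret, secrets.token_bytes(16))) for _ in range(samples)]
    return {"flawed_min": min(flawed), "fixed_min": min(fixed), "fixed_avg": sum(fixed) / samples}
```

Reviewing nonce generation for this property (does every output have the full bit width of n?) is the check a code reviewer should apply whenever a hash output is reused as a scalar for a larger group.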
-
Introducing a New Vulnerability Class: False File Immutability https://lnkd.in/egUMC4dm
Introducing a New Vulnerability Class: False File Immutability — Elastic Security Labs
elastic.co
-
This module taught me how to perform various attacks through file upload forms, including RCE, DoS, XSS, XXE, and more. It also explained how I can bypass filters through numerous techniques, including manipulating the magic number, manipulating the Content-Type header, manipulating the file extension, and even fuzzing for allowed extensions/content-type values to truly discover possible file upload attack avenues. It also covered areas like Null Byte Injection, OS-specific bypass methods, command injection, and more. Overall, it enhanced my methodology for successfully discovering and attacking file upload pages. https://lnkd.in/eYzBGaw5
Completed File Upload Attacks
academy.hackthebox.com
-
For cheat sheets that can help you get familiar with different useful commands and utilities (including Netcat), see http://h4cker.org/cheat.🤓 https://lnkd.in/eqZ9vju4
GitHub - The-Art-of-Hacking/h4cker: This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.
github.com
-
Lab 4 Completed on File Path Traversal: Superfluous URL Decode ✅
Just conquered another engaging lab, this time exploiting a file path traversal vulnerability caused by superfluous URL decoding. Here’s a breakdown of my process:
1️⃣ Analyzed the server's decoding behavior by submitting URL-encoded payloads like %2E%2E%2F (equivalent to ../).
2️⃣ Discovered that the application performed multiple rounds of URL decoding, allowing bypasses of initial sanitization.
3️⃣ Crafted a double-encoded payload, such as ..%252f..%252f..%252fetc/passwd, which, after multiple decodings, resolved to a valid path traversal exploit.
4️⃣ Successfully accessed the sensitive /etc/passwd file, proving that the server’s defenses were inadequate.
5️⃣ Extracted the required data and completed the lab.
This lab underscores the risks of improper input handling, especially when decoding is applied multiple times. Comprehensive testing and strict validation are crucial to prevent these attacks!
Lab: File path traversal, traversal sequences stripped with superfluous URL-decode | Web Security Academy
portswigger.net
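The three path traversal labs above (null byte bypass, prefix-only validation, superfluous URL decoding) share one server-side fix, shown here as an added example of my own rather than lab code: decode exactly once, reject null bytes and leftover encoding, check the extension on the fully decoded name, and only then resolve the path and require it to stay under the base directory. The base directory /var/www/images and the allowed extensions are assumptions for the example; the sample inputs are the payload shapes quoted in the posts.

```python
import os
from typing import Optional
from urllib.parse import unquote

BASE_DIR = "/var/www/images"      # assumed document root for served images
ALLOWED_EXT = {".png", ".jpg"}    # assumed allow-list


def safe_resolve(user_path: str, base_dir: str = BASE_DIR) -> Optional[str]:
    """Return the absolute file path if user_path may be served, else None.

    Closes the three lab bugs: null-byte extension truncation, validating only
    the start of the path, and multi-round URL decoding."""
    # Decode once. Anything still percent-encoded afterwards was double-encoded
    # (or malformed), so reject instead of decoding again.
    decoded = unquote(user_path)
    if "%" in decoded:
        return None
    # A NUL byte would truncate the name in C-based file APIs, cutting off the
    # extension that was just "validated".
    if "\x00" in decoded:
        return None
    # Check the extension on the whole decoded name, not on the raw input's tail.
    if os.path.splitext(decoded)[1].lower() not in ALLOWED_EXT:
        return None
    # Resolve "..", "." and symlinks, then require the result to remain inside
    # base_dir. A prefix string compare on the unresolved path is not enough.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, decoded.lstrip("/")))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


# Constructed inputs in the shapes the labs describe (not real requests)
SAMPLES = [
    "/etc/passwd%00.png",                 # null byte after the sensitive target
    "/safe-folder/../../etc/passwd",      # valid prefix, traversal after it
    "..%252f..%252f..%252fetc/passwd",    # double-encoded "../"
    "cat.png",                            # legitimate request
]
```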
-
A very easy module in general, but with a quite difficult final exercise. Here is the information I stored after completing the module: https://lnkd.in/dFkc3KMR .
Completed SQLMap Essentials
academy.hackthebox.com
-
🚨 Detecting CVE-2024-3596 Vulnerability in RADIUS 🚨

🔍 New Tool Alert: Introducing a Python-based detector for identifying the CVE-2024-3596 vulnerability in RADIUS/UDP traffic. This tool captures RADIUS Access-Request packets and checks for MD5 collisions, helping ensure your network's security.

Limits of the Code: The code is aimed directly at detecting MD5 collisions. However, a more comprehensive analysis may be required to thoroughly test all aspects of CVE-2024-3596. This code can only detect attacks based on MD5 collision. Additional analysis may be required to detect other potential vulnerabilities (for example, TLS or IPsec deficiencies).

Key Details:
Vulnerability: CVE-2024-3596
Method: Detects MD5 collisions in RADIUS/UDP traffic to determine if your network is vulnerable to attack.
Targets: Vulnerable methods include PAP, CHAP, and MS-CHAPv2

How It Works: The tool listens to RADIUS Access-Request packets. It analyzes these packets for MD5 collisions, which are known weaknesses that attackers can exploit. If an MD5 collision is detected, it indicates a potential vulnerability in your RADIUS implementation. https://lnkd.in/dQz4_Ezg
GitHub - alperenugurlu/CVE-2024-3596-Detector
github.com
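A complementary check a defender can run over the same captured Access-Request packets, as an added example of my own and not the detector's code: parse the RADIUS header and attribute TLVs and flag any Access-Request that carries no Message-Authenticator attribute (RFC 2869, type 80), since the published mitigation for CVE-2024-3596 is to require that HMAC-MD5 attribute in every Access-Request and response rather than rely on the MD5 Response Authenticator alone. The sample packets are constructed inline; the zeroed Message-Authenticator value is a placeholder, not a valid HMAC.

```python
import struct

ACCESS_REQUEST = 1               # RADIUS code for Access-Request (RFC 2865)
ATTR_USER_NAME = 1
ATTR_MESSAGE_AUTHENTICATOR = 80  # RFC 2869: 16-byte HMAC-MD5 over the whole packet

def parse_radius(packet: bytes):
    """Parse the 20-byte header and attribute TLVs into
    (code, identifier, authenticator, [(type, value), ...]).
    Raises ValueError on truncated or inconsistent lengths."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs, off = [], 20
    while off < length:
        if off + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[off], packet[off + 1]   # alen includes the 2 header bytes
        if alen < 2 or off + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, packet[off + 2:off + alen]))
        off += alen
    return code, ident, packet[4:20], attrs

def lacks_message_authenticator(packet: bytes) -> bool:
    """True for an Access-Request with no Message-Authenticator, i.e. one whose
    Access-Accept/Reject is protected only by the MD5 Response Authenticator."""
    code, _, _, attrs = parse_radius(packet)
    return code == ACCESS_REQUEST and all(t != ATTR_MESSAGE_AUTHENTICATOR for t, _ in attrs)

def is_well_formed(packet: bytes) -> bool:
    try:
        parse_radius(packet)
        return True
    except ValueError:
        return False

def build_access_request(ident: int, attrs) -> bytes:
    """Constructed sample builder: Request Authenticator is zeroed (offline test only)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + bytes(16) + body

# Constructed samples, not real captures. The Message-Authenticator value is a
# zero placeholder rather than a valid HMAC-MD5; only its presence is checked.
PKT_NO_MA = build_access_request(7, [(ATTR_USER_NAME, b"alice")])
PKT_WITH_MA = build_access_request(8, [(ATTR_MESSAGE_AUTHENTICATOR, bytes(16)),
                                       (ATTR_USER_NAME, b"alice")])
```

Feeding real captures through it requires stripping the UDP payload out of a pcap first; the parser itself only sees the RADIUS bytes.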
-
Edu-Sharing Arbitrary File Upload: Edu-Sharing suffers from an arbitrary file upload vulnerability. Versions below 8.0.8-RC2, 8.1.4-RC0, and 9.0.0-RC19 are affected.
Edu-Sharing Arbitrary File Upload ≈ Packet Storm
packetstormsecurity.com
Leader of OWASP SBOM Forum and Vulnerability Database Working Group projects; consultant on NERC CIP compliance in the cloud and vulnerability management
1mo
This is a nice idea, Neil, but since the NVD staff members are all part of NIST, I don't think anything is going to change. The fact that the last notification they provided was in mid-November, related to a scheduled outage the next week, shows that communicating with the public just isn't their thing. For that matter, they have yet to give a coherent explanation of what happened on Feb. 12, and they keep pretending that about 3 months never happened and their backlog is much smaller than it is.