Known vulnerabilities are gaps in an application's security that have already been identified by the product developer, a user, a hacker or an intruder. To exploit such a vulnerability, a hacker looks for exploitable components inside the system, which mostly belong to third-party vendors. To identify these components, the hacker usually relies on various vulnerability scanning tools or analyses the components manually, listing every component running inside the application along with its version details.
Almost every application has some vulnerability, because a developer building the application mostly concentrates on the code, not on the third-party libraries, components or plugins used in it. As a result, most of the plugins unknowingly run with root privilege, and when a hacker successfully exploits one, he easily compromises the application and gains access.
CVE, or Common Vulnerabilities and Exposures, is a service that lists all the popular application vulnerabilities the moment a patch is released by someone, and records each vulnerability with a CVE score for identification. This vulnerability information can be used for good as well as bad purposes. Good people will take the patch and apply it to the vulnerable machine to get it fixed. An attacker, however, will use the same information for bad purposes, searching for applications that are exploitable through the vulnerability. So it is always good practice to stay up to date on vulnerability information and to patch as soon as the patch is released.
Let’s take an example to see how to gather information about a vulnerable third-party component and use it for exploitation.
Now load your target website in the browser and return to Burp Suite.
Then check the HTTP history under Proxy in Burp Suite, select the URL you have just entered and open the Response tab below it.
From the above screenshot we get three components and their version details. The next step is to search for vulnerabilities and how to use them for exploitation.
Here we will take the Apache version found to check whether any vulnerability exists.
Apache version 2.4.37
Search for the above version in Google to find the available vulnerabilities that are exploitable.
Select the first search result to get familiar with the vulnerability from the official Apache website.
According to Apache, this version is vulnerable to a DoS attack when used with OpenSSL 1.1.1, and coincidentally our web server is running OpenSSL 1.1.1. That means it can be affected by a DoS attack if someone finds this information.
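The same check can be run by a defender against their own server's responses to see what the banner headers give away. The script below is an added example, not part of the original article: the sample response, the PHP version in it, the function names and the local advisory table are constructed for illustration, and the table holds only the one condition described above (Apache 2.4.37 together with OpenSSL 1.1.1).

```python
import re

# Constructed sample response headers (not captured from a real server).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "Server: Apache/2.4.37 (Unix) OpenSSL/1.1.1 PHP/7.2.0\r\n"
    "X-Powered-By: PHP/7.2.0\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

# Hypothetical local advisory table holding only the condition the article describes.
ADVISORIES = [
    {"product": "apache", "version": "2.4.37",
     "requires": {"openssl": "1.1.1"}, "impact": "DoS"},
]

BANNER_HEADERS = ("server", "x-powered-by")          # headers that carry version banners
TOKEN = re.compile(r"([A-Za-z][\w.+-]*)/(\d[\w.]*)")  # Product/Version tokens

def disclosed_components(raw_response):
    """Return {product: version} for every component named in banner headers."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    found = {}
    for line in head.split("\r\n")[1:]:               # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() in BANNER_HEADERS:
            for product, version in TOKEN.findall(value):
                found[product.lower()] = version
    return found

def matching_advisories(components, advisories=ADVISORIES):
    """Return advisories whose product, version and co-requisites all match."""
    hits = []
    for adv in advisories:
        if components.get(adv["product"]) != adv["version"]:
            continue
        # Assumption: a required version is matched as a prefix (1.1.1a counts as 1.1.1).
        if all(components.get(p, "").startswith(v)
               for p, v in adv["requires"].items()):
            hits.append(adv)
    return hits

if __name__ == "__main__":
    seen = disclosed_components(SAMPLE_RESPONSE)
    print("Disclosed:", seen)
    for adv in matching_advisories(seen):
        print("Patch needed:", adv["product"], adv["version"], "->", adv["impact"])
```

Setting `ServerTokens Prod` in the Apache configuration reduces the `Server` header to `Apache`, which removes the version details from the response. Hiding the banner does not fix the flaw, so the patched release still has to be installed.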
I hope you have enjoyed my article so far. If you have any doubts or feedback, please write them in the comment section below and I will try to respond to you. Happy Hacking!!