OWASP Using Component with known vulnerability

Known vulnerabilities are those gaps in the application security that have been identified by the product developer or the user or the hacker or the intruder. To exploit this vulnerability a hacker looking for those exploitable components inside the system which mostly belongs to third party vendor. To identify these kind of components the hacker usually take the help of various type of vulnerability scanning tools or analysing the components manually and list down all the components running inside the application with the version details.

Almost all application should have some vulnerability because when developer develop the application he mostly concentrates on the coding not on the third party library component or plugins which is used by him in this application. So unknowingly most of the plugins run using root privilege and when the hacker successfully exploits this he easily compromised the application and gain access.

CVE or common vulnerability exposer is a service which enlists all the popular application vulnerabilities the moment the patch is released by someone and update this vulnerability with a CVE score for identification. This vulnerability update can be used for good purpose as well as bad purpose. Good people will take the patch and apply it inside the vulnerable machine to get it fixed. But the attacker wil take this vulnerability information for bad purpose, he will searching over the applications those are exploitable using the vulnerability. So it always a good practice to be up to date about the vulnerability information and patched it as soon as the patched is released.

Let’s have an example to know how to get information about vulnerable third party component and use it for exploitation.

Start burp suit and configure it with you browser. Make sure the intercept button under Proxy tab should be turned off.

Now load you target website from the browser and come back to burp suit.

Now check the HTTP history under Proxy In burp suit and select the URL you have just entered and come to Response tab below.

From the above screenshot we are getting three components and their version details. Now the next step will be searching for vulnerability and how to use that for exploitation.

Here we will take the available apache version to find any vulnerability exists.

Apache version 2.4.37              

                                         

Search the above version in Google to get the available vulnerabilities which is exploitable.

Select the first search result to get familiar with the vulnerability from the official website of apache.

According to apache, this version is vulnerable to DoS attack when used with OpenSSL 1.1.1 and coincidently our web server is running with open SSL 1.1.1. That means it can be effected by DoS attack if someone found this information.

I hope you have enjoyed my article so far, if you have any doubt or feedback on the same please write it down in the comment section below I will try to response you. Happy Hacking!!