mubix / cfdb
Common Findings Database
Home Page: https://cfdb.io
License: BSD 3-Clause "New" or "Revised" License
/*
Title: Local File Inclusion
Description: Search engine meta data about the finding
*/
Local File Inclusion (LFI) allows an attacker to include files that are already present on the server by exploiting a file inclusion routine that builds the path from unvalidated input.
Do not pass user input to file inclusion functions. Map the parameter onto an allow-list of known file names, or at a minimum confine the resolved path to the intended directory and reject null bytes.
Consider the code below (Credit: owasp.org)
The code is normally used like this:
http://vulnerable_host/preview.php?file=myFile
However, an attacker can exploit the lack of validation by using a null-byte terminator, %00, to end the string before .php is appended (PHP versions before 5.3.4 stopped reading the path at the null byte; later versions reject paths containing one, so this particular trick no longer works there, although traversal remains possible wherever no fixed suffix is appended or the resulting path is not confined to a directory):
http://vulnerable_host/preview.php?file=../../../../etc/passwd%00
The result would look like the following:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alex:x:500:500:alex:/home/alex:/bin/bash
margo:x:501:501::/home/margo:/bin/bash
Directory traversal is an HTTP exploit which allows attackers to access restricted directories and/or execute commands outside of the web server's root directory.
Input example source code here
Instead of having "LAST UPDATED BY:" in the template, how about handling contributions the way Nmap NSE scripts do, where you just list all of the people who have made contributions to that template on an "author(s)" line. In practice, if you make a contribution, you just append your name to the list of authors. I foresee multiple people having a hand in many of these findings, and it would be nice to see which ones have had the most eyes on them.
For example, from the http-enum nmap NSE script:
author = "Ron Bowes, Andrew Orr, Rob Nicholls"
Can we have sections added for OSINT, Physical Security, and possibly Business Practices or something that would relate to social engineering and users being exploited by phishing?
Neo4j query over BloodHound data (the group whose SID ends in -516 is Domain Controllers; its members are collected first and excluded, because unconstrained delegation is expected on domain controllers):
MATCH (c1:Computer)-[:MemberOf*1..]->(g:Group)
WHERE g.objectsid ENDS WITH '-516'
WITH COLLECT(c1.name) AS domainControllers
MATCH (c2:Computer {unconstraineddelegation:true})
WHERE NOT c2.name IN domainControllers
RETURN c2.name, c2.operatingsystem
ORDER BY c2.name ASC
Source: https://hausec.com/2019/09/09/bloodhound-cypher-cheatsheet/
Write up:
The following servers are configured for "Unconstrained Delegation". A server with this setting caches the Kerberos Ticket-Granting Tickets (TGTs) of every account that authenticates to it. An attacker who gains administrative access to one of these servers can extract those TGTs, including those of privileged accounts, and reuse them against the Domain Controllers or other systems. It is recommended that unconstrained delegation be removed from these systems (constrained or resource-based constrained delegation should be used where delegation is genuinely required), or that the systems be protected as high value targets.
/*
Title: SQL Injection
Description: SQL Injection SQLi database vulnerability
*/
A code injection technique that allows an attacker to make arbitrary calls
to the backend database.
SQL Injection allows an attacker to read entries in the application database
and, in some cases, write to the database or the underlying file system, which can
lead to code execution on the server.
It can lead to partial or complete loss of the database contents and, in
the worst case, allow an attacker to gain a foothold on the machine.
Use parameterized queries (prepared statements) for every database call so that user input is bound as data rather than concatenated into the statement. Where input must select an identifier such as a table or column name, validate it against an allow-list of known good values. Blacklisting metacharacters and functions is not a reliable defense on its own and should only supplement the above.
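An added example (not part of cfdb) showing the injectable pattern, its parameterized replacement, why stripping quotes is not a defense, and the allow-list check for an identifier that cannot be bound as a parameter. It uses Python's built-in sqlite3 module against a constructed in-memory users table; the table, its rows and the sort-column allow-list are assumed sample data.

```python
import sqlite3


def make_db():
    """Constructed sample data (assumed, not from the finding): an in-memory
    users table with two ordinary accounts and one administrator."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT,"
                 " password_hash TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users (username, password_hash, is_admin) VALUES (?, ?, ?)",
        [("alex", "hash-alex", 0), ("margo", "hash-margo", 0), ("admin", "hash-admin", 1)],
    )
    return conn


def vulnerable_find_user(conn, username):
    """The injectable pattern: the value is spliced into the statement text, so
    a quote in the input closes the literal and the rest becomes SQL."""
    sql = "SELECT username, is_admin FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def safe_find_user(conn, username):
    """Parameterized query: the driver binds the value separately from the
    statement, so quotes and keywords in the input stay data."""
    return conn.execute(
        "SELECT username, is_admin FROM users WHERE username = ?", (username,)
    ).fetchall()


def strip_quotes(value):
    """A typical blacklist 'fix'. Not enough: a numeric context needs no quotes."""
    return value.replace("'", "")


def blacklisted_find_by_id(conn, user_id):
    """Quotes are stripped, yet the input still lands inside the SQL text."""
    sql = "SELECT username, is_admin FROM users WHERE id = " + strip_quotes(user_id)
    return conn.execute(sql).fetchall()


# Assumed allow-list of columns a client may sort by.
ALLOWED_SORT_COLUMNS = ("id", "username")


def safe_list_users(conn, sort_by):
    """Identifiers (table and column names) cannot be bound as parameters, so a
    client-chosen sort column is checked against an allow-list of known good
    values; anything else is refused rather than 'cleaned'."""
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError("sort column not allowed: %r" % (sort_by,))
    rows = conn.execute("SELECT username FROM users ORDER BY " + sort_by).fetchall()
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:", vulnerable_find_user(db, payload))        # every row
    print("safe:      ", safe_find_user(db, payload))              # no row
    print("blacklist: ", blacklisted_find_by_id(db, "1 OR 1=1"))   # every row
    print("union:     ", vulnerable_find_user(
        db, "' UNION SELECT password_hash, 1 FROM users --"))      # password hashes
```

The UNION payload shows the read side of the finding (data from another column returned through the login query); the id example shows why a quote blacklist fails the moment the injected value sits in a numeric context.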
/*
Title: Apache Commons Collections Deserialization
Description: Search engine meta data about the finding
*/
The Apache Commons Collections Java library provides classes (notably InvokerTransformer)
that can be chained into a serialized object graph whose deserialization invokes
arbitrary methods by reflection. The library itself does not deserialize anything; it
supplies the gadgets that an application's own ObjectInputStream will execute.
Any application that has the Apache Commons Collections library on its Java
class path and deserializes data from an untrusted source can be coerced into executing
arbitrary code on the attacker's behalf.
This poses a high risk to any server running the ACC library and could
lead to complete compromise of the system.
Verify the server is running Java with the Apache Commons Collections library on the class path.
Identify serialized Java objects being sent to the application (a raw stream begins with the bytes AC ED 00 05; base64-encoded, it begins with rO0AB).
Replace the serialized Java object with your base64-encoded payload and verify execution.
Do not deserialize data from untrusted sources. Where deserialization cannot be avoided, restrict the classes that may be deserialized to an allow-list before the stream is resolved, and treat the result as untrusted.
Update Apache Commons Collections to the newest version (3.2.2 and 4.1 and later disable deserialization of the unsafe functors by default).
This only removes the known gadget in this library; other gadget chains exist, so the update does not fix the underlying deserialization of untrusted input.
From the Apache Commons statement:
"However, to be clear: this is not the only known and especially not unknown useable gadget. So replacing your installations with a hardened version of Apache Commons Collections will not make your application resist this vulnerability."
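An added example, not cfdb's own, for the "identify serialized Java objects" test step above: a Python triage helper that recognises a Java serialization stream in a raw or base64-encoded request value, reads the outermost class name from the stream header, and reports whether the gadget class named in this finding appears anywhere in the stream. The sample values are constructed stream headers, not complete objects and not working payloads, and the list of gadget class names is an assumption limited to the one this finding names.

```python
import base64
import binascii
import struct

JAVA_STREAM_MAGIC = b"\xac\xed\x00\x05"   # base64-encodes to the familiar "rO0AB" prefix
TC_OBJECT, TC_CLASSDESC = 0x73, 0x72
# Gadget class named in this finding. Other chains exist (see the statement
# quoted above), so an empty result here is not a clean bill of health.
KNOWN_GADGET_CLASSES = ("org.apache.commons.collections.functors.InvokerTransformer",)


def decode_candidate(value):
    """Return the raw stream if `value` is a Java serialization stream, either
    as-is or base64-encoded (standard or URL-safe alphabet); otherwise None."""
    data = value.encode("utf-8") if isinstance(value, str) else bytes(value)
    if data.startswith(JAVA_STREAM_MAGIC):
        return data
    for decoder in (lambda d: base64.b64decode(d, validate=True), base64.urlsafe_b64decode):
        try:
            decoded = decoder(data)
        except (binascii.Error, ValueError):
            continue
        if decoded.startswith(JAVA_STREAM_MAGIC):
            return decoded
    return None


def outer_class_name(stream):
    """Class name of the outermost object: magic, version, TC_OBJECT,
    TC_CLASSDESC, then a big-endian length-prefixed class name."""
    if len(stream) < 8 or stream[4] != TC_OBJECT or stream[5] != TC_CLASSDESC:
        return None
    (length,) = struct.unpack_from(">H", stream, 6)
    name = stream[8:8 + length]
    return name.decode("utf-8", "replace") if len(name) == length else None


def gadget_classes_present(stream):
    """Class names are stored as plain bytes in the stream, so a substring
    search finds known gadget classes anywhere in the object graph."""
    return [cls for cls in KNOWN_GADGET_CLASSES if cls.encode("utf-8") in stream]


def inspect_parameter(value):
    """Triage one cookie, parameter or header value. Returns None when it is
    not a Java object stream, otherwise a summary dict."""
    stream = decode_candidate(value)
    if stream is None:
        return None
    return {
        "outer_class": outer_class_name(stream),
        "gadgets": gadget_classes_present(stream),
        "length": len(stream),
    }


def make_stream_header(outer_class, trailing=b""):
    """Constructed test data: only the header of a stream whose outer object is
    `outer_class`. It is not a complete object and not a working payload."""
    name = outer_class.encode("utf-8")
    return (JAVA_STREAM_MAGIC + bytes([TC_OBJECT, TC_CLASSDESC])
            + struct.pack(">H", len(name)) + name + trailing)


# Constructed samples: a benign-looking HashMap, and one whose graph mentions the gadget class.
SAMPLE_BENIGN = base64.b64encode(make_stream_header("java.util.HashMap")).decode("ascii")
SAMPLE_GADGET = base64.b64encode(make_stream_header(
    "java.util.HashMap",
    struct.pack(">H", len(KNOWN_GADGET_CLASSES[0])) + KNOWN_GADGET_CLASSES[0].encode("utf-8"),
)).decode("ascii")

if __name__ == "__main__":
    for label, value in (("plain text", "SGVsbG8="), ("benign", SAMPLE_BENIGN),
                         ("gadget", SAMPLE_GADGET)):
        print(label, "->", inspect_parameter(value))
```

Run it over every cookie, hidden form field and custom header a proxy captures; any value that decodes to a stream is a candidate for the replacement step, and the outer class name tells you what the application expects to receive.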
There are X users whose passwords are stored in clear text in Active Directory. These accounts were verified to be enabled and the stored passwords to still be valid. This is usually the result of an application creating users in Active Directory programmatically through direct LDAP writes. It is recommended that these accounts be investigated to determine whether they are still in use and whether the passwords can be changed. The effect is that any authenticated user in the domain can query LDAP and read these passwords in clear text.
/*
Title: Remote File Inclusion
Description: Remote File Inclusion Vulnerability
*/
A file inclusion vulnerability that allows an attacker to include a file located at an external URL, typically one the attacker controls, so that the server executes attacker-supplied code.
Validate all input passed to file inclusion methods against an allow-list of local file names, and reject anything containing a URL scheme or stream wrapper.
--In progress--
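The following is an added example, not code from cfdb or from the OWASP page the Local File Inclusion finding credits, written in Python rather than PHP so it runs anywhere. It models the flawed pattern from that finding (parameter plus appended ".php", with the null-byte truncation that made "%00" work) and shows the single validation routine that closes both the Local File Inclusion finding above and this Remote File Inclusion finding. The base directory, the suffix and the allow-list of file names are assumed values.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed configuration for this example (assumed, not taken from the
# findings): the directory includes are resolved against, the suffix the
# application appends, and the template names it actually ships.
BASE_DIR = "/var/www/html"
SUFFIX = ".php"
ALLOWED_FILES = frozenset({"myFile", "header", "footer"})


def vulnerable_include_path(param):
    """The flawed pattern behind the LFI finding: decode the parameter, append
    the suffix and include whatever that resolves to. The split on NUL
    emulates a runtime that stops reading the path at the first null byte
    (PHP before 5.3.4 did), which is what lets "%00" discard the appended
    ".php". Returns the path that would actually be opened."""
    name = unquote(param)
    path = posixpath.normpath(posixpath.join(BASE_DIR, name + SUFFIX))
    return path.split("\x00", 1)[0]


def confined_path(name):
    """Defence in depth for the local case: build the path and refuse anything
    that normalises to a location outside BASE_DIR (directory traversal).
    Returns the normalised path, or None when it escapes the directory."""
    candidate = posixpath.normpath(posixpath.join(BASE_DIR, name + SUFFIX))
    if not candidate.startswith(BASE_DIR + "/"):
        return None
    return candidate


def safe_include_path(param):
    """Validate an include parameter before it reaches the include call.
    Returns (path, None) when acceptable, or (None, reason) when rejected.
    Order of checks: null bytes, remote locations or stream wrappers (the RFI
    case), the allow-list of known file names, then path confinement."""
    name = unquote(param)
    if "\x00" in name:
        return None, "null byte"
    parts = urlsplit(name)
    if parts.scheme or parts.netloc or name.startswith(("//", "\\\\")):
        # http://, https://, ftp://, php://, data: and UNC paths all land here.
        return None, "remote location or stream wrapper"
    if name not in ALLOWED_FILES:
        return None, "not in allow-list"
    path = confined_path(name)
    if path is None:  # unreachable with the allow-list above; kept as a guard
        return None, "outside base directory"
    return path, None


if __name__ == "__main__":
    # Constructed requests: the benign and malicious examples from the LFI
    # finding, the same traversal without the null byte, and two RFI attempts.
    for param in ("myFile", "../../../../etc/passwd%00", "../../../../etc/passwd"):
        print(param, "->", vulnerable_include_path(param), "|", safe_include_path(param))
    for param in ("http://evil.example/shell.txt", "php://filter/resource=index"):
        print(param, "->", safe_include_path(param))
```

The allow-list is the real fix; confined_path is there for applications that must accept arbitrary names (user uploads, for instance) and shows that the traversal is caught even when the null byte is not.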