Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users.

The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers. We added these tests to the Detectify scanner in the last weeks:

Ghost CMS Install Exposure RCE
This module checks for an exposed admin configuration endpoint in Ghost CMS. If exposed, an attacker will be able to create an admin account and inject NodeJS to cause RCE.

CVE-2021-28073: Ntopng Authentication Bypass
This module checks for CVE-2021-28073. An attacker can traverse to and read find_prefs.lua.

Nexus Repository Unauthenticated Source Code Disclosure
This module tries to forcefully reveal the source code files in instances of Nexus Repository. An unauthenticated attacker can view the source code of files handled by Nexus Repository.

SAP Netweaver Directory Listing
This module is checking if SAP Netweaver has directory listing enabled. If enabled an attacker will be able to list all files (and sub-directories) in the current directory.

CVE-2021-33564: Argument Injection in Ruby Dragonfly
This module looks for an argument injection in the Ruby Gem “Dragonfly”. An attacker can download arbitrary files from the server.

CVE-2021-29622: Prometheus Open Redirect
This module is checking if it’s possible to conduct open redirect attacks using a flaw in version 2.23.0 in Prometheus. If vulnerable, an attacker can leverage this to steal secrets passed as a part of the referrer header.

CVE-2021-3509: Redhat Ceph Cookie XSS
Redhat Ceph versions 14.2.17 through 14.2.20, 15.2.10 through 15.2.11 and 16.2.0 through 16.2.3 are vulnerable to an XSS vulnerability. An attacker can execute JavaScript which can steal the original token value and get access to the API.

AWS CodeBuild Build Spec Exposure
This module looks for Internet exposed AWS CodeBuild build spec files. The CodeBuild build spec files could contain sensitive information about the projects.

How can Detectify help?

Detectify checks your web applications for known vulnerabilities that are actively exploited in the wild. To begin, you need to verify ownership of the domain and then you can begin a scan within minutes. The Detectify scanners will run a check to determine your web technology profile, and then dispatch the relevant tests based on the results. The testing is context-based using hacker techniques like fuzzing, crawling and real hacker payloads to help discover where the vulnerabilities are.

Detectify scanners are based on HTTP request tests

image: Detectify only shows you vulnerabilities that we can verify as exploitable. You will always get to see the REQUEST and RESPONSE.

Detectify pushes security updates every week. Begin a scan for the latest vulnerabilities today. Start a free trial with Detectify here!

Already have an account? Login to check your assets.

To keep up with today’s cyber threats, you need continuous security that’s integrated with development. With Detectify, you get more than a DAST with access to payload-based security tests beyond the OWASP Top 10. Check for the latest vulnerabilities!

Posted by Charlie