Introducing GraphQL Support for API Scanning
Detectify’s new GraphQL API Scanning uses hacker-led research to provide highly accurate (99.7%), payload-based security testing. It identifies complex vulnerabilities, helping enterprises meet PCI DSS …
New security tests, November 15, 2017: Image Resizer Exposure in .NET
Detectify
Another update, another batch of vulnerabilities. We have an interesting mix of new security test this week, including Sitecore, HashiCorp Consul and WordPress vulnerabilities. As always, don’t forget to run a scan to check if you’re vulnerable.
- Image Resizer Exposure in .NET (information finding that affects Sitecore and Episerver, among others)
- Exposure of /.mysql_history
- Exposure of /.pgsql_history
- CVE-2017-14619: phpMyFAQ XSS
- WordPress simple-login-log SQL Injection
- WordPress invite-anyone Object Injection
- WordPress hrm Authenticated SQL Injection
- WordPress userpro Authentication Bypass
- WordPress wp-support-plus-responsive-ticket-system CSRF/RCE
- WordPress qards SSRF
- WordPress wp-all-import XSS
- WordPress buddypress Authenticated Open Redirect
- WordPress caldera-forms Authenticated XSS
- WordPress wp-custom-fields-search XSS
- HasiCorp Consul Exposure
Check out more content
Introducing IP Range Scanning: continuous Surface Monitoring for your entire network
Most organizations share a common, uncomfortable secret: they can’t answer basic questions about what is actually exposed on their IP ranges. As companies grow, whether …
