
Extended notes for security updates from 26 July

August 9, 2018

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentiality agreements, we cannot publicize all security update releases here, but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

The following security vulnerabilities were reported through Detectify Crowdsource, and we added tests for them to the Detectify scanner tool on 26 July.

We now scan for:

Exposed Yii Debugger:

  • Yii is a PHP framework
  • It is bundled with a debugger
  • The debugger exposes all user requests to the server, environment variables and OS information
  • If misconfigured, this debug page can be publicly accessible to anyone who knows its URL
  • Similar to Flask and the Patreon Werkzeug debugger exposure

Serendipity Open Redirect:

  • Serendipity is an open source PHP blogging platform
  • An unauthenticated open-redirect exists in the system
  • Can be used in attack chains to get hold of CSRF tokens, OAuth tokens, referrals, etc.

Adobe Dreamweaver /dwsync.xml Exposure

  • Sites developed in Adobe Dreamweaver create a file called dwsync.xml and this file contains the full file/directory listing of the site
  • Can be used to conduct further attacks toward the system

Apache Drill Exposure

  • “Schema-free SQL Query Engine for Hadoop, NoSQL and Cloud Storage”
  • Has a web interface
  • If found, an attacker can query all data for an organization

Apache Drill Path Traversal

  • If authentication is lacking, the system can be reconfigured
  • Allows attackers to query the local filesystem and read all files stored on the Apache Drill server

Markdown/deploy.md Exposure

  • Files ending with “.md” usually contain markdown text
  • The file deploy.md usually contains configuration details
  • An attacker could get access to sensitive information on how to manage the service
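
A pre-deployment check for the two file exposures above (dwsync.xml and deploy.md), as an added example that is not Detectify's code: it walks a local web root, flags both file names, and lists the file names a dwsync.xml would disclose. The `<file name="...">` layout, the `_notes` folder and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# File names taken from the post; matching is case-insensitive.
RISKY_NAMES = {"dwsync.xml", "deploy.md"}


def listed_files(dwsync_path):
    """Return the file names a dwsync.xml discloses (assumed <file name=...> layout)."""
    try:
        root = ET.parse(dwsync_path).getroot()
    except (ET.ParseError, OSError):
        return []  # unreadable or malformed: still flagged by the caller, without detail
    return sorted(el.get("name") for el in root.iter("file") if el.get("name"))


def audit_webroot(webroot):
    """Walk webroot and return [(relative_path, disclosed_names)] for risky files."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if name.lower() not in RISKY_NAMES:
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, webroot).replace(os.sep, "/")
            leaked = listed_files(full) if name.lower() == "dwsync.xml" else []
            findings.append((rel, leaked))
    return sorted(findings)


def build_sample_webroot(base):
    """Constructed sample tree, not taken from any real site."""
    os.makedirs(os.path.join(base, "_notes"))
    with open(os.path.join(base, "index.php"), "w") as f:
        f.write("<?php echo 'hi';")
    with open(os.path.join(base, "Deploy.md"), "w") as f:
        f.write("# Deploy\nssh deploy@host.example\n")
    with open(os.path.join(base, "_notes", "dwsync.xml"), "w") as f:
        f.write('<?xml version="1.0" encoding="utf-8" ?>\n<dwsync>\n'
                '<file name="index.php" server="ftp.example/" />\n'
                '<file name="admin_backup.php" server="ftp.example/" />\n'
                '</dwsync>\n')


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        for path, leaked in audit_webroot(tmp):
            print(path, "->", leaked or "review contents before publishing")
```

Run it against the build output before upload and fail the deployment on any finding; excluding these files from the published tree removes the exposure.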

Liferay Portal SSRF

  • Liferay Portal is an enterprise CMS
  • Unauthenticated SSRF via XMLRPC (i.e., no trail is needed)
  • An attacker can send requests to services on their Intranet


Detectify is a continuous web scanning and monitoring service that can be set up to scan automatically for 1000+ known vulnerabilities, including the OWASP Top 10.