For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.
The following are some of the security vulnerabilities reported by our internal team and Detectify Crowdsource. We added these tests to the Detectify scanner tool on 6 September.
Apache Struts RCE
A Remote Code Execution vulnerability was disclosed in Apache Struts in late August, meaning an attacker is able to craft code that will be executed on the target’s server. This is a framework for Java applications and is used by many enterprises around the world.
A PoC was submitted to us through Crowdsource, and has since been implemented.
Fingerprint for exposed administration tools
We fingerprint and warn about accidentally exposed administration tools. The severity of such exposure increases when no authentication is used.
This release we added/improved:
- Apache CouchDB
- TYPO3 Install Tool
- FileMaker WebDirect
PrestaShop is a platform used to run webshops. By default, no headers preventing iFrames are used even when logged in as an admin, meaning an attacker could do a clickjacking attack.
After blogging about how different implementation of ACME could lead to XSS or how we were able to issue certificates on domains that use a shared hosting, we have now also implemented a finding for an issue that once again could allow for malicious issuing of certificates if the server use redirections in a certain way.
After adding Liferay as a prioritised technology for Detectify Crowdsource, we received several submissions with vulnerabilities that we since implemented. So far, the XSS and a server side vulnerabilities reported are affecting older versions.
Socket.IO is a library for realtime communication between the browser and the server. When this is used with misconfigured CORS-headers, it will result in a session ID exposure, which can be used by an attacker to takeover that session. An attacker will be able to send requests to the server posing as the victim, as well as receiving messages intended for the victim.
The full potential impact of this varies a lot depending on what it is used for. There are instances where this is a core part of the application, which means this issue leads to account takeover.
Questions or comments on our latest security updates? Let us know in the section below.
Begin a scan for the latest vulnerabilities today. Start a free trial with Detectify here!
Already have an account? Login to check your assets.
Detectify is a continuous web scanner monitor service that can be set up for automated scanning for 1000+ known vulnerabilities including the OWASP Top 10. Check for the latest vulnerabilities!