For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.
The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers. We added these tests to the Detectify scanner tool on 7 February.
Joomla! jcruiseportal SQL Injection
J-CruisePortal is a Joomla extension. A SQL injection in that extension was recently published online, which someone in Crowdsource picked up and submitted to us. More information can be found here: https://old.exploit-db.com/exploits/46233/
OPcache Status Exposure
OPcache Status is a tool to view information about your PHP instance. This in itself is fine, but if misconfigured when setting it up there is a risk of exposing it on the internet. This would let external actors view such status information about the installation.
Hydra is a popular identity management tool which recently fixed a reflective XSS-vulnerability. The patch can be found here for technical information: https://github.com/ory/hydra/commit/9b5bbd48a72096930af08402c5e07fce7dd770f3#diff-f949e2d81c8076ebbf8af38fcbb72c1f
Questions or comments on our latest security updates? Let us know in the section below.
Begin a scan for the latest vulnerabilities today. Start a free trial with Detectify here!
Already have an account? Login to check your assets.
Detectify is a continuous web scanner monitor service that can be set up for automated scanning for 1000+ known vulnerabilities including the OWASP Top 10. Check for the latest vulnerabilities!