Search Go hack yourself with Detectify

A web security blog from Detectify

Detectify security updates for 17 June

June 17, 2020

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers. We added these tests to the Detectify scanner in the last month.

CVE-2020-12720: vBulletin SQL Injection
vBulletin is a proprietary Internet forum software package used to build and manage online community websites. This module searches for a SQL injection vulnerability that would allow an attacker to launch a RCE attack via resetting the admin’s password.

CVE-2020-12116: Zoho ManageEngine OpManger Unauthenticated Arbitrary File Read
The latest release of Zoho ManageEngine OpManger contains a directory traversal vulnerability that allows unrestricted access to every file in the OpManager application. This includes private SSH keys, password protected Java keystores, and configuration files containing passwords to keystores, private certificates, and the backend database.

CVE-2020-9315: Oracle iPlanet Sensitive Data Disclosure
A vulnerability exists in the web administration console of Oracle’s iPlanet Web Server which makes it possible to read information from any page within the console without authentication. This can result in sensitive data exposure of configuration information about the server including encryption keys, JVM configuration and other data.

CVE-2020-9314: Oracle iPlanet Image Injection
A vulnerability exists in the “productNameSrc” parameter in the administration console, which allows for injection of external images which can facilitate advanced phishing attacks.

Adobe AEM Fiddle RCE
AEM Fiddle provides an accessible, developer friendly environment for experimentation, POCs and other one-off tasks. A researcher submitted a PoC that would execute an RCE on exposed AEM Fiddle instances.

Adobe Experience Manager Groovy Console RCE
The AEM Groovy Console provides an interface for running Groovy scripts in the AEM container. Scripts can be created to manipulate content in the JCR, call OSGi services, or execute arbitrary code using the CQ, Sling, or JCR APIs. If installed and publicly exposed, an attacker is able execute Groovy code via the bin/groovyconsole/post.json endpoint.

NGINX Virtual Host Traffic Status Module XSS
This is an Nginx module that provides access to virtual host status information. It contains the current status such as servers, upstreams, caches. A researcher submitted a PoC that would allow an attacker to launch an unauthenticated reflected XSS on the module.

CVE-2020-9039: Couchbase Server Unauthenticated Projector and Indexer REST endpoints
This module tests for insecure permissions for the projector and indexer REST endpoints in Couchbase Server. Unauthenticated access to these endpoints would allow an attacker to update/change the server’s configuration and collect performance profiles.

CVE-2020-5405: Spring Cloud Config Directory Traversal
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.

Questions or comments on the latest Detectify security updates? Let us know in the comments below.

Begin a scan for the latest vulnerabilities today. Start a free trial with Detectify here!

Already have an account? Login to check your assets.

Detectify is a continuous web vulnerability scanner service and we release Detectify security updates at least bi-weekly. Detectify offers a crowdsource-powered testbed of 2000+ known vulnerabilities including the OWASP Top 10. Check for the latest vulnerabilities!