For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentiality agreements, we cannot publicize all security update releases here, but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.
The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers. We added these tests to the Detectify scanner in the last month.
CVE-2020-13662: Drupal Core Open Redirect
In CVE-2020-13662, Drupal versions 7.x to 7.69 are vulnerable to an open redirect via the destination parameter, which is accepted on several endpoints. For example: http://drupal.site/?destination=/something%3Fq=//example.com. Successful exploitation of this vulnerability would allow an attacker to send a user to a malicious website.
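As an added illustration (not Detectify's code and not a Drupal patch), a redirect-target validator that rejects the destination shape shown above. It assumes a Drupal 7-style application that routes on the q query parameter, and uses a constructed site origin of https://drupal.site:

```python
from urllib.parse import urljoin, urlsplit, parse_qs, unquote

SITE_ORIGIN = "https://drupal.site"  # constructed origin for this example


def is_same_origin_redirect(destination: str, origin: str = SITE_ORIGIN, depth: int = 0) -> bool:
    """Return True only if `destination` resolves to a URL on `origin`.

    The value is resolved against the site origin, so "//example.com" and
    "http://example.com" both fail. Because a Drupal 7-style router treats
    the q query parameter as the internal path (an assumption of this
    example), the same test is applied to q, so "/something?q=//example.com"
    is rejected as well.
    """
    if depth > 2:
        return False
    dest = destination
    for _ in range(3):  # bounded decode loop so double-encoding cannot slip past
        decoded = unquote(dest)
        if decoded == dest:
            break
        dest = decoded
    # Backslashes and control characters are treated as path separators or
    # header breaks by some clients; reject them outright.
    if "\\" in dest or any(ord(c) < 32 for c in dest):
        return False
    resolved = urlsplit(urljoin(origin + "/", dest))
    site = urlsplit(origin)
    if (resolved.scheme, resolved.netloc) != (site.scheme, site.netloc):
        return False
    # Re-check any nested q value the router would interpret as a path.
    for q_value in parse_qs(resolved.query).get("q", []):
        if not is_same_origin_redirect(q_value, origin, depth + 1):
            return False
    return True
```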
CVE-2020-9757: CraftCMS SEOmatic SSTI
This module checks for a vulnerability in the SEOmatic component before 3.3.0 for Craft CMS. There is a Server-Side Template Injection that leads to remote code execution via malformed data to the metacontainers controller. On successful exploitation, an attacker can execute system commands on the server.
CVE-2020-5902: F5 BIG-IP RCE and LFI
The Traffic Management User Interface on F5 BIG-IP is vulnerable to arbitrary command execution and local file read. A path normalization issue affects the Java backend, allowing an unauthenticated attacker to perform a relative path traversal attack and access sensitive endpoints that will grant further access within the system. On successful exploitation, an attacker will be able to execute arbitrary code on the system.
CVE-2020-4038: Prisma GraphQL Playground XSS
This module checks for a reflected cross-site scripting vulnerability in the GraphQL Playground IDE. The bug was patched a month ago, but all previous versions are vulnerable to this XSS. The vulnerable components of Playground did not sanitize user input, allowing an attacker to embed malicious code in requests such as URL parameters, query parameters, and unsanitized database text strings.
Browser Cache SOP Bypass
This module checks for the ability to bypass SOP via browser cache. This bypass would potentially allow an attacker to extract sensitive information from users’ accounts on sites that have a misconfigured CORS policy. A detailed write-up of this vulnerability can be found here: https://enumerated.wordpress.com/2019/12/24/sop-bypass-via-browser-cache/.
Detectify is a continuous web vulnerability scanner service and we release Detectify security updates at least bi-weekly. Detectify offers a crowdsource-powered testbed of 2000+ known vulnerabilities including the OWASP Top 10. Check for the latest vulnerabilities!