CYBER ODISHA | Cyber Security | Ethical Hacking | Bug Bounty

Cyber Awarness Our Mission

Identifying the vulnerabilities |vulnerabilities cyber security

ByRRR

Oct 15, 2022

Introduction
You know what software your target is running but how do you determine what vulnerabilities it has? The whole point of learning a target technology stack is so you can use this information to find associated vulnerabilities.

Google
When I’m looking to see what vulnerabilities a technology has the first place I go is Google. Actually Google is the first place I go when I have a question about anything as it’s the best resource out there. Try typing the following search queries into Google:

● <TECHNOLOGY><VERSION>vulnerabilities
● <TECHNOLOGY>VERSION>exploits

here is all kinds of stuff here! I see SQL injection exploits, LFI exploits, and much more. I recommend you click on the first couple links to see what interesting vulnerabilities there are. You’d be surprised at the things you will find buried in a blog post 10 links down the page.

ExploitDB
Another place I like to search is ExploitDB. ExploitDB is a tool used to search and download exploit code. This is by far one of my favorite resources to use when searching for vulnerabilities related to a technology stack.

● https://www.exploit-db.com/

You can use the website to search for things but I typically use the command line tool called searchsploit. You can download this tool from Github as shown below:

● https://github.com/offensive-security/exploitdb
● ./searchsploit “name of technology”

Normally once we find out the vulnerabilities a target is vulnerable to we have to search for the exploit code but we can skip this step since ExploitDB provides us with the proof of concept(POC) code as well.

CVE
According to Google, the Common Vulnerabilities and Exposures(CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. If you’re looking to find what CVEs a technology stack has, there is no better place to search than NIST.

● https://nvd.nist.gov/vuln/search

Searching for “Gila CMS” gives us 17 CVEs, the newer the CVE the better as there is a better chance the target hasn’t patched their systems yet. Note that just because you find a CVE doesn’t mean you can exploit it. To exploit a CVE, you need the proof of concept (POC) exploit code, without that you’re stuck.

Summary
Locating the vulnerabilities impacting a technology stack is relatively easy. All you really have to do is search for them. Between Google, ExploitDB, and NIST you should be able to find everything you’re looking for.

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending

Latest Govt Jobs Naukari Update Odisha Naukari

OPSC Assistant Executive Engineer (Civil & Mechanical) Recruitment 2023 – Apply Online for 391 Posts

Mar 28, 2023
Defense Job Latest Govt Jobs Naukari Update

ISRO Recruitment 2023 – Apply Online for 62 Technical Asst, Technician ‘B’ & Other Posts

Mar 27, 2023
10th Pass jobs Latest Govt Jobs Naukari Update

SSC Ladakh Selection Posts Recruitment 2023 – Apply Online for Posts

Mar 27, 2023
10th Pass jobs 12th Pass Jobs Defense Job Naukari Update

CRPF Constable Recruitment 2023 – Apply Online for 9212 Posts

Mar 25, 2023