Introduction
You know what software your target is running, but how do you determine what vulnerabilities it has? The whole point of fingerprinting a target's technology stack is to use that information (product name plus version) to find the vulnerabilities already known to affect it.

Google
When I'm looking to see what vulnerabilities a technology has, the first place I go is Google. Actually, Google is the first place I go when I have a question about anything, as it's the best resource out there. Try typing the following search queries into Google, substituting the product name and the exact version you fingerprinted:

● <TECHNOLOGY> <VERSION> vulnerabilities
● <TECHNOLOGY> <VERSION> exploits

There is all kinds of stuff here! I see SQL injection exploits, LFI exploits, and much more. I recommend you click on the first couple of links to see what interesting vulnerabilities there are. You'd be surprised at the things you will find buried in a blog post 10 links down the page, and a write-up often describes the vulnerable code path in more detail than the CVE entry itself.

ExploitDB
Another place I like to search is ExploitDB. ExploitDB is a public archive of exploits and proof-of-concept code, maintained by Offensive Security, that you can search by product name and download from. This is by far one of my favorite resources to use when searching for vulnerabilities related to a technology stack.

● https://www.exploit-db.com/

You can use the website to search for things, but I typically use the command line tool called searchsploit, which searches a local copy of the database. It lives in the exploitdb repository linked below (on Kali it is already installed via the exploitdb package, so you can run searchsploit directly instead of ./searchsploit):

● https://github.com/offensive-security/exploitdb
● ./searchsploit "name of technology"

Normally, once we find out which vulnerabilities a target is affected by, we still have to search for the exploit code, but we can skip this step since ExploitDB provides us with the proof of concept (POC) code as well. Run searchsploit -u first so the local copy is current, then use searchsploit -x with the path from the results to read an exploit, or searchsploit -m to copy it into your working directory. Always read a downloaded exploit before running it; it is untrusted code from a third party and may need target-specific changes anyway.

CVE
The Common Vulnerabilities and Exposures (CVE) system, run by MITRE, provides a reference method for publicly known information-security vulnerabilities and exposures: one identifier per vulnerability. If you're looking to find what CVEs a technology stack has, there is no better place to search than NIST's National Vulnerability Database (NVD), which adds CVSS scores and affected-version (CPE) data to each CVE.

● https://nvd.nist.gov/vuln/search

Searching for "Gila CMS" gives us 17 CVEs. The newer the CVE, the better, as there is a better chance the target hasn't patched their systems yet. Note that just because you find a CVE doesn't mean you can exploit it. First, check that the target's version actually falls inside the affected range listed in the CVE entry; a version banner alone can mislead you, since some distributions backport fixes without changing the version number. Second, to exploit a CVE you need proof of concept (POC) exploit code. Search ExploitDB for the CVE ID (searchsploit --cve <ID>) and Google for the ID plus "poc"; if nothing turns up, you are stuck unless you are prepared to write the exploit yourself from the advisory and the vendor's patch.
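The two checks above (newest first, and does the affected-version range really cover the target) are easy to automate. The script below is an added example, not code from the original post: it takes the JSON that the NVD API returns for a keyword search (https://services.nvd.nist.gov/rest/json/cves/2.0?keywordSearch=<technology>, saved to a file with curl), keeps only the CVEs whose CPE configuration marks the fingerprinted product and version as vulnerable, and lists them newest first with their CVSS score. The embedded SAMPLE_NVD_JSON is a constructed stand-in with placeholder IDs of the form CVE-XXXX-000N and a made-up product "examplecms"; they are not real CVEs or products.

```python
"""Triage NVD 2.0 CVE records against a fingerprinted product version.

Added example. Assumes the NVD API response has been saved to a file, e.g.
  curl -s 'https://services.nvd.nist.gov/rest/json/cves/2.0?keywordSearch=examplecms' > nvd.json
SAMPLE_NVD_JSON below is constructed test data (placeholder IDs, fake product).
"""
import json
import re

SAMPLE_NVD_JSON = json.dumps({"vulnerabilities": [
    {"cve": {"id": "CVE-XXXX-0001", "published": "2019-03-01T00:00:00.000",
             "descriptions": [{"lang": "en", "value": "constructed: SQLi in admin search"}],
             "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 8.8}}]},
             "configurations": [{"nodes": [{"cpeMatch": [
                 {"vulnerable": True, "criteria": "cpe:2.3:a:example:examplecms:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.5.0"}]}]}]}},
    {"cve": {"id": "CVE-XXXX-0002", "published": "2021-06-15T00:00:00.000",
             "descriptions": [{"lang": "en", "value": "constructed: LFI in theme loader"}],
             "metrics": {"cvssMetricV2": [{"cvssData": {"baseScore": 6.5}}]},
             "configurations": [{"nodes": [{"cpeMatch": [
                 {"vulnerable": True, "criteria": "cpe:2.3:a:example:examplecms:1.4.2:*:*:*:*:*:*:*"}]}]}]}},
    {"cve": {"id": "CVE-XXXX-0003", "published": "2023-01-10T00:00:00.000",
             "descriptions": [{"lang": "en", "value": "constructed: XSS in 2.x settings page"}],
             "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 6.1}}]},
             "configurations": [{"nodes": [{"cpeMatch": [
                 {"vulnerable": True, "criteria": "cpe:2.3:a:example:examplecms:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "2.0.0", "versionEndExcluding": "2.1.0"}]}]}]}},
    {"cve": {"id": "CVE-XXXX-0004", "published": "2022-05-05T00:00:00.000",
             "descriptions": [{"lang": "en", "value": "constructed: unrelated product, all versions"}],
             "metrics": {},
             "configurations": [{"nodes": [{"cpeMatch": [
                 {"vulnerable": True, "criteria": "cpe:2.3:a:example:othercms:*:*:*:*:*:*:*:*"}]}]}]}},
]})


def parse_version(version: str) -> tuple:
    """'1.4.2' or '1.4.2-rc1' -> (1, 4, 2, 0); padded so '1.4' == '1.4.0'."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts + [0] * (4 - len(parts)))[:4]


def in_cpe_range(match: dict, version: str) -> bool:
    """Does `version` fall inside one NVD cpeMatch entry?

    Field 6 of a CPE 2.3 string is the version: a concrete value covers only
    that version, '*' defers to the optional versionStart*/versionEnd* bounds.
    """
    v = parse_version(version)
    cpe_version = match["criteria"].split(":")[5]
    if cpe_version not in ("*", "-"):
        return v == parse_version(cpe_version)
    lo_inc, lo_exc = match.get("versionStartIncluding"), match.get("versionStartExcluding")
    hi_inc, hi_exc = match.get("versionEndIncluding"), match.get("versionEndExcluding")
    if lo_inc and v < parse_version(lo_inc):
        return False
    if lo_exc and v <= parse_version(lo_exc):
        return False
    if hi_inc and v > parse_version(hi_inc):
        return False
    if hi_exc and v >= parse_version(hi_exc):
        return False
    return True


def affected_cves(nvd_json: str, product: str, version: str) -> list:
    """CVEs whose configuration marks product/version vulnerable, newest first."""
    hits = []
    for item in json.loads(nvd_json)["vulnerabilities"]:
        cve = item["cve"]
        applies = any(
            m.get("vulnerable") and m["criteria"].split(":")[4] == product and in_cpe_range(m, version)
            for cfg in cve.get("configurations", [])
            for node in cfg.get("nodes", [])
            for m in node.get("cpeMatch", []))
        if not applies:
            continue
        score = None  # prefer CVSS v3.1, then v3.0, then v2; NVD keys metrics by version
        for key in ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):
            if cve.get("metrics", {}).get(key):
                score = cve["metrics"][key][0]["cvssData"]["baseScore"]
                break
        summary = next((d["value"] for d in cve.get("descriptions", []) if d["lang"] == "en"), "")
        hits.append({"id": cve["id"], "published": cve["published"][:10], "score": score, "summary": summary})
    hits.sort(key=lambda h: h["published"], reverse=True)  # newest = least likely patched
    return hits


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1]).read() if len(sys.argv) > 3 else SAMPLE_NVD_JSON
    product, version = (sys.argv[2], sys.argv[3]) if len(sys.argv) > 3 else ("examplecms", "1.4.2")
    for h in affected_cves(data, product, version):
        print(f"{h['published']}  {h['id']:15} CVSS {h['score']}  {h['summary']}")
```

Run it as python3 triage.py nvd.json <product> <version> against a real NVD download, where <product> is the product field of the CPE name (the fourth colon-separated field, e.g. "gila_cms" for Gila CMS). The list it prints is the set of CVEs worth taking to ExploitDB and Google for PoC code; anything whose range does not cover the target version is dropped before you waste time on it.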

Summary
Locating the vulnerabilities impacting a technology stack is relatively easy. All you really have to do is search for them. Between Google, ExploitDB, and NIST's NVD you should be able to find everything you're looking for: the CVE tells you what is affected and how badly, and ExploitDB or a blog post gives you the POC. Just confirm the target's version really is in the affected range before you spend time on an exploit.
