26 Jan, 2023

Common vulnerabilities


Common vulnerabilities are weaknesses in software, configuration or design that an attacker can exploit to gain unauthorized access to systems, networks or data. They are typically caused by software bugs, misconfigurations or design flaws. Publicly disclosed vulnerabilities are catalogued in the Common Vulnerabilities and Exposures (CVE) list maintained by the MITRE Corporation. Each entry receives a unique identifier, the CVE ID (for example CVE-2014-6271), so that advisories, scanners and patches can refer to the same flaw unambiguously. A CVE entry records one specific flaw in one specific product; the general class of weakness it belongs to is described separately by the Common Weakness Enumeration (CWE), covered below.

Examples of vulnerable code in different programming languages:

There are many different types of Common Vulnerabilities and the specific vulnerable code would depend on the type of vulnerability.

Cross-Site Scripting (XSS) vulnerability in PHP-generated HTML:

    <!-- $_GET['name'] is echoed into the attribute value unescaped; a call to htmlspecialchars() is missing -->
    <input type="text" name="name" value="<?php echo $_GET['name']; ?>">

SQL injection in SQL:

    -- The query text is assembled by string interpolation; $username and $password come straight from the request
    SELECT * FROM users WHERE username = '$username' AND password = '$password'
    -- A password of  x' OR '1'='1  turns the condition into ... AND password = 'x' OR '1'='1' and matches every row

XSS vulnerability in JavaScript (DOM-based):

    // The name parameter is taken straight from the URL, with no decoding or validation
    var name = location.search.split('name=')[1];
    // Writing it through innerHTML parses it as HTML, so injected markup and event handlers execute.
    // (Assigning the string to the input's .value property instead would store it as text and is not exploitable this way.)
    document.getElementById("name").innerHTML = name;

XSS vulnerability in Python (Flask):

    from flask import request
    def greet():  # reflected XSS: the query parameter is interpolated unescaped into the HTML response
        name = request.args.get('name')
        return f"<input type='text' name='name' value='{name}'>"


In all the examples above, user input is written into a query or a page without being validated or encoded for the context it lands in, so an attacker can supply input that is interpreted as SQL or as HTML/JavaScript instead of as data. That can lead to unauthorized access to data, theft of session cookies and other sensitive information, or actions performed in a victim's browser.
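The same two patterns in one runnable file, the vulnerable form beside its fix, as an added example that is not part of the original page. It uses only the Python standard library (sqlite3 in place of a real database, plain functions in place of the PHP and Flask handlers); the users table, its single row and the payload strings are constructed for the demonstration.

```python
"""Reflected XSS and SQL injection: the vulnerable pattern beside the fix.
Added example; the table, row and payloads below are constructed for the demo."""
import html
import sqlite3


def render_name_unsafe(name):
    """Reflected XSS: untrusted input concatenated straight into an attribute value."""
    return f"<input type='text' name='name' value='{name}'>"


def render_name_safe(name):
    """Fix: contextual output encoding. html.escape(quote=True) converts & < > " and '
    to entities, so the value can neither close the attribute nor open a new tag."""
    return f"<input type='text' name='name' value='{html.escape(name, quote=True)}'>"


def demo_db():
    """Constructed in-memory table. Plaintext passwords are for the demo only;
    a real application stores a salted password hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery staple')")
    return conn


def login_unsafe(conn, username, password):
    """SQL injection: the query text is built from the request parameters."""
    query = (f"SELECT 1 FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    """Fix: a parameterised query. The driver passes the values separately from the
    statement, so quotes in the input are data, never SQL syntax."""
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


# Constructed payloads
XSS_PAYLOAD = "'><script>alert(document.cookie)</script>"
SQLI_PASSWORD = "x' OR '1'='1"   # makes ... AND password = 'x' OR '1'='1' a tautology


if __name__ == "__main__":
    print(render_name_unsafe(XSS_PAYLOAD))
    print(render_name_safe(XSS_PAYLOAD))
    db = demo_db()
    print("unsafe login with injected password:", login_unsafe(db, "alice", SQLI_PASSWORD))
    print("safe login with injected password:  ", login_safe(db, "alice", SQLI_PASSWORD))
```

Note that the fix for XSS is output encoding chosen for the context (here an HTML attribute), not input "sanitisation": the same name may be perfectly legitimate data in the database and still need escaping when rendered.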

Examples of exploiting common vulnerabilities

  • Exploiting software vulnerabilities: Finding and exploiting known, unpatched vulnerabilities in software running on the system to gain a foothold or higher privileges.

  • Social engineering: Tricking users into granting access to their accounts or systems, or into disclosing sensitive information such as credentials.

  • Using default or weak credentials: Many systems ship with default or weak credentials that are easily guessed or cracked and can be used to log in directly.

  • Using privilege escalation exploits: Running tools or scripts written to exploit a known vulnerability in a specific application or operating system in order to move from a low-privileged account to a higher one.

  • Abusing misconfigured permissions: Taking advantage of overly permissive permissions on files, directories or services to read sensitive data or execute arbitrary code.

  • Exploiting kernel or system-level vulnerabilities: Exploiting flaws in the kernel or core operating-system components to gain root or administrator access on the targeted system.

General methodology and checklist for testing for Common vulnerabilities

Methodology:

  1. Reconnaissance: This step involves gathering information about the target system or network, such as IP addresses, open ports, and software versions.

  2. Vulnerability scanning: This step involves using automated tools to scan the target for known vulnerabilities and misconfigurations, typically by matching the discovered services and software versions against a vulnerability database.

  3. Vulnerability analysis: This step involves analyzing the results of the vulnerability scan to identify and prioritize vulnerabilities that need to be mitigated.

  4. Exploitation: This step involves attempting to exploit the identified vulnerabilities in order to gain access to the system or network.

  5. Post-exploitation: This step involves maintaining access to the system or network and attempting to escalate privileges or exfiltrate sensitive data.

  6. Mitigation: This step involves implementing measures to prevent or mitigate the identified vulnerabilities, such as applying software updates, configuring firewalls, or implementing access controls.

  7. Verification: This step involves verifying that the implemented mitigations are effective in preventing or mitigating the identified vulnerabilities.

Checklist:

  • SQL Injection: Test for the ability to inject malicious SQL code into the application. Try to inject code in input fields such as search boxes and form fields to determine if the application is vulnerable.

  • Cross-Site Scripting (XSS): Test for the ability to inject malicious JavaScript into the application. Try to inject code into input fields such as search boxes and form fields to determine if the application is vulnerable.

  • Cross-Site Request Forgery (CSRF): Test for the ability to perform actions on behalf of the user without their consent. Try to execute actions such as changing a user’s password or submitting a form.

  • Broken Authentication and Session Management: Test for weak password policies, session IDs that are easily guessable or predictable, and the ability to take over another user’s session.

  • Broken Access Control: Test for the ability to access restricted pages, data, or resources without proper authorization. Try to access restricted pages by manipulating URLs or modifying HTTP requests.

  • Insufficient Logging and Monitoring: Test for the ability to cover up malicious activity by examining the logging and monitoring practices of the application.

  • Insecure Cryptographic Storage: Test for the storage of sensitive information such as passwords and credit card numbers in an insecure manner.

  • Insecure Communications: Test for the use of insecure communication channels, such as plaintext HTTP, to transmit sensitive information.

  • Failure to Restrict URL Access: A special case of Broken Access Control. Test for the ability to reach administrative or other restricted pages by requesting their URLs directly, without navigating through the application.

  • Cross-Site Request Forgery (CSRF) Prevention Bypass: Where protections exist, test whether they can be bypassed, for example by removing the token parameter entirely, reusing a token issued to another session, or sending the request without a Referer header.

This list is not exhaustive, but it covers some of the most common vulnerabilities found in web applications. It’s important to note that vulnerabilities can be specific to each application and that this list is intended to serve as a starting point for testing.
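The first two checklist items (SQL injection and XSS) as automated probes, added here as an example rather than taken from the page or from any of the tools it names. It starts a throwaway HTTP server on the loopback interface with two constructed endpoints, /search (string-built SQL and raw reflection) and /safe (parameterised query and HTML encoding), then sends a unique marker containing HTML metacharacters to detect unencoded reflection and a lone single quote to detect a leaked database error. The endpoint names, the parameter name and the error-signature list are assumptions for the demonstration.

```python
"""Black-box probes for reflected XSS and error-based SQL injection, exercised
against a throwaway local target. Added example; the target server, its
endpoints and the error-signature list are constructed for the demonstration."""
import html
import secrets
import sqlite3
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.parse import parse_qs, quote, urlparse
from urllib.request import ProxyHandler, build_opener

# Substrings that commonly appear when a database error is leaked to the client (assumed list)
SQL_ERROR_SIGNATURES = (
    "unrecognized token",                      # SQLite
    "syntax error",                            # SQLite / PostgreSQL
    "You have an error in your SQL syntax",    # MySQL
    "ORA-",                                    # Oracle
    "SQLSTATE",                                # generic driver errors
)

# Ignore proxy environment variables: the target is on the loopback interface
_OPENER = build_opener(ProxyHandler({}))


class _TargetHandler(BaseHTTPRequestHandler):
    """Constructed target: /search is vulnerable, /safe is the hardened form."""

    db = sqlite3.connect(":memory:", check_same_thread=False)
    db.execute("CREATE TABLE items (name TEXT)")
    db.execute("INSERT INTO items VALUES ('widget')")

    def log_message(self, *args):  # keep the demo quiet
        pass

    def do_GET(self):
        url = urlparse(self.path)
        q = parse_qs(url.query).get("q", [""])[0]
        try:
            if url.path == "/search":
                # String-built SQL and raw reflection of the parameter into HTML
                rows = self.db.execute(
                    f"SELECT name FROM items WHERE name = '{q}'").fetchall()
                self._reply(200, f"<p>Results for {q}: {rows}</p>")
            elif url.path == "/safe":
                # Parameterised query and HTML-encoded output
                rows = self.db.execute(
                    "SELECT name FROM items WHERE name = ?", (q,)).fetchall()
                self._reply(200, f"<p>Results for {html.escape(q)}: {len(rows)}</p>")
            else:
                self.send_error(404)
        except sqlite3.Error as exc:
            # Verbose error handling: the database message is leaked to the client
            self._reply(500, f"<pre>Database error: {exc}</pre>")

    def _reply(self, status, body):
        data = body.encode("utf-8")
        self.send_response(status)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)


def _fetch(url):
    """Return (status, body); HTTP error responses are data for the probe, not exceptions."""
    try:
        with _OPENER.open(url, timeout=5) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def probe_reflected_xss(base_url, path, param="q"):
    """True if HTML metacharacters sent in `param` come back unencoded."""
    marker = secrets.token_hex(4)          # unique, so only our own reflection matches
    payload = f'{marker}<xss">'
    _, body = _fetch(f"{base_url}{path}?{param}={quote(payload)}")
    return payload in body


def probe_sql_error(base_url, path, param="q"):
    """True if a lone single quote provokes a leaked database error."""
    _, body = _fetch(f"{base_url}{path}?{param}={quote(chr(39))}")
    lowered = body.lower()
    return any(sig.lower() in lowered for sig in SQL_ERROR_SIGNATURES)


def run_checklist():
    """Start the constructed target, run both probes on each endpoint, stop it."""
    server = HTTPServer(("127.0.0.1", 0), _TargetHandler)   # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base_url = f"http://127.0.0.1:{server.server_address[1]}"
    try:
        return {path: {"reflected_xss": probe_reflected_xss(base_url, path),
                       "sql_error": probe_sql_error(base_url, path)}
                for path in ("/search", "/safe")}
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for path, findings in run_checklist().items():
        print(path, findings)
```

A reflection of the marker with its metacharacters intact is evidence of an encoding gap, not yet proof of exploitable XSS; the context the reflection lands in (attribute, script block, plain body) decides which payload actually executes, which is why the manual follow-up in Burp Suite or ZAP still matters. Likewise, a silent application can be injectable without leaking an error, so blind (boolean or time-based) checks belong in a fuller probe.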

Tools set for exploiting Common vulnerabilities

Manual Tools:

  • Burp Suite: A powerful platform for performing manual security testing of web applications. It includes features for scanning, fuzzing, and manipulating HTTP requests and responses.

  • OWASP ZAP: An open-source web application security scanner that can be used to identify vulnerabilities such as XSS and SQL injection.

  • SQLMap: A tool for automating the process of detecting and exploiting SQL injection vulnerabilities in web applications.

  • Nmap: A network mapping and security auditing tool used to identify open ports, services and versions; its scripting engine (NSE) can also run vulnerability checks against discovered services.

  • Metasploit Framework: A tool for developing and executing exploits against a wide range of targets, including web applications, servers, and desktop systems.

  • BeEF: A browser exploitation framework that can be used to launch attacks against web browsers and associated plugins.

  • Telnet: A plaintext remote-terminal protocol and client. In testing it is handy for banner grabbing and talking to text-based services by hand; a Telnet service found on a target is itself a finding, since credentials cross the network unencrypted.

  • Netcat: A network utility for reading from and writing to network connections using either TCP or UDP protocols.

  • Wireshark: A network protocol analyzer for capturing and analyzing network traffic, including web traffic.

  • Nessus: A vulnerability scanner that can be used to identify vulnerabilities in a wide range of systems, including web applications.

Automated Tools:

  • Acunetix: A web application security scanner that can be used to identify a wide range of vulnerabilities, including XSS, SQL injection, and directory traversal.

  • QualysGuard: A cloud-based vulnerability management platform that can be used to scan web applications for vulnerabilities and manage the remediation process.

  • OpenVAS: An open-source vulnerability management system that can be used to perform extensive vulnerability scans of web applications and other systems.

  • Arachni: A web application security scanner that can be used to identify a wide range of vulnerabilities, including XSS, SQL injection, and directory traversal.

  • w3af: A web application attack and audit framework that can be used to perform automated security testing of web applications.

  • WebInspect: A web application security scanner that can be used to identify a wide range of vulnerabilities, including XSS, SQL injection, and directory traversal.

  • Nexpose (Rapid7): A vulnerability management solution that can be used to perform extensive vulnerability scans of web applications and other systems.

  • AppScan: A web application security scanner that can be used to identify a wide range of vulnerabilities, including XSS, SQL injection, and directory traversal.

  • Grendel-Scan: A web application security scanner that can be used to identify a wide range of vulnerabilities, including XSS, SQL injection, and directory traversal.

  • Skipfish: An active web application security reconnaissance tool that can be used to identify a wide range of vulnerabilities, including XSS, SQL injection, and directory traversal.

Browser Plugins:

  • NoScript: A browser plugin for Firefox that can be used to block JavaScript, Java, and other types of scripts from running on websites, providing protection against XSS attacks.

  • AdBlock Plus: A browser plugin for Chrome, Firefox, and other browsers that blocks ads, banners, and other unwanted content. It is a defensive add-on rather than a testing tool, but it reduces exposure to malvertising.

Average CVSS score of Common vulnerabilities

CVSS (Common Vulnerability Scoring System) is a standardized method for rating the severity of a vulnerability. The base score is computed from exploitability metrics (attack vector, attack complexity, privileges required, user interaction) and impact metrics (confidentiality, integrity, availability, and whether the impact extends beyond the vulnerable component's scope). The availability of a patch or workaround and the maturity of exploit code are not part of the base score; they belong to the optional temporal metrics, and environmental metrics adjust the score for a particular deployment. Scores range from 0.0 to 10.0, with 10.0 the most severe; CVSS v3.1 rates 9.0 and above as Critical.

The average CVSS score for common vulnerabilities can vary depending on the specific vulnerability and the industry in which it is found. Generally, vulnerabilities that have a high CVSS score are considered to be more severe and require immediate attention.

For example, a flaw that is reachable over the network, needs no privileges or user interaction and gives full control of confidentiality, integrity and availability (vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) has a CVSS v3.1 base score of 9.8, rated Critical; an unauthenticated authentication bypass by capture-replay (CWE-294) on a network service would typically land in this band.

It’s important to note that CVSS scores should not be the only factor considered when assessing the risk of a vulnerability. Other factors such as the potential impact to the organization and the likelihood of exploitation should also be taken into account.

The Common Weakness Enumeration (CWE)

CWE, or Common Weakness Enumeration, is a standardized list of software and hardware weakness types maintained by the MITRE Corporation. Where a CVE describes one vulnerability in one product, a CWE describes the class of mistake behind it, so each CVE can be mapped to one or more CWEs. Some of the CWEs most often seen behind common vulnerabilities include:

  • CWE-89: SQL Injection: A weakness that allows an attacker to inject SQL syntax into a query built from untrusted input, potentially compromising the underlying database.

  • CWE-79: Cross-Site Scripting (XSS): A weakness that allows an attacker to inject script into a web page, which is then executed by a victim’s browser.

  • CWE-121: Stack-based Buffer Overflow: A weakness that occurs when a program writes more data to a stack buffer than it can hold, overwriting adjacent stack data and potentially allowing an attacker to execute arbitrary code.

  • CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’): A weakness that occurs when an application builds a system command from untrusted input without proper validation or escaping, allowing an attacker to inject additional commands.

  • CWE-352: Cross-Site Request Forgery (CSRF): A weakness that allows an attacker to trick a victim’s browser into making an unintended, authenticated request to a web application, potentially performing unauthorized actions on the victim’s behalf.

  • CWE-287: Improper Authentication: A weakness that occurs when an application does not properly verify the identity of users, potentially allowing an attacker to gain unauthorized access to sensitive information or functionality.

  • CWE-434: Unrestricted Upload of File with Dangerous Type: A weakness that occurs when an application allows upload of files with dangerous types, such as executables or server-side scripts, potentially allowing an attacker to place and run malicious code on the server.

Top CVEs for Common vulnerabilities

Some of the most widely exploited vulnerabilities that have been assigned a CVE include:

  • CVE-2019-0708 (“BlueKeep”): A pre-authentication vulnerability in Microsoft Remote Desktop Services that allows an unauthenticated attacker to execute arbitrary code on a vulnerable system over RDP.

  • CVE-2017-5638: A vulnerability in the Jakarta Multipart parser of Apache Struts 2 that allows an unauthenticated attacker to execute arbitrary code via a crafted Content-Type header.

  • CVE-2014-6271 (“Shellshock”): A vulnerability in GNU Bash’s handling of environment variables that allows an attacker to execute arbitrary commands wherever untrusted input reaches Bash, for example through CGI scripts.

  • CVE-2012-1823: A vulnerability in PHP when run as a CGI binary (php-cgi) that lets an attacker pass command-line options through the query string and execute arbitrary code on a vulnerable system.

  • CVE-2010-2883: A stack-based buffer overflow in the CoolType library of Adobe Reader and Acrobat, triggered by a crafted font embedded in a PDF, that allows an attacker to execute arbitrary code when the document is opened.

It’s worth noting that the list of top CVES changes over time as new vulnerabilities are discovered and others become less prevalent. It’s important to stay up-to-date with the latest information on vulnerabilities, and to take steps to protect your systems and networks from these threats.

List of popular exploitation tools for Common vulnerabilities

Here is a list of tools commonly used to find and exploit these vulnerabilities:

  1. SQLMap: SQLMap is an open-source tool for automating the process of detecting and exploiting SQL injection vulnerabilities. It can be used to test the security of web applications by injecting malicious SQL statements into database queries. SQLMap can automatically detect the type of database management system in use and adjust its attack accordingly.

  2. Havij: Havij is an automated SQL injection tool that can be used to perform penetration testing on web applications. It can automatically identify and exploit SQL injection vulnerabilities in a target application and is capable of performing various types of attacks, including blind SQL injection and time-based SQL injection.

  3. BeEF: BeEF, or the Browser Exploitation Framework, is a tool for exploiting browser-based vulnerabilities, particularly Cross-Site Scripting (XSS) vulnerabilities. BeEF can be used to launch XSS attacks and gain control over the victim’s browser, including keylogging, cookie theft, and browser manipulation.

  4. XSSer: XSSer is an open-source tool for automating the process of discovering and exploiting XSS vulnerabilities. XSSer can be used to scan a target web application for XSS vulnerabilities and then launch automated attacks to verify the existence of these vulnerabilities.

  5. Metasploit: Metasploit is an open-source framework for developing, testing, and executing exploits. Metasploit can be used to perform a variety of attacks, including buffer overflow exploits, command injection exploits, and web application exploits. It also includes a large library of pre-built exploits for a variety of platforms and applications.

  6. Core Impact: Core Impact is a commercial penetration testing tool that can be used to perform a wide range of security assessments, including buffer overflow exploits and command injection exploits. It includes a comprehensive library of exploits and also provides the ability to create custom exploits.

  7. Empire: Empire is a post-exploitation framework that can be used to perform various malicious actions on a compromised system, including command injection exploits. Empire is designed to be used in red team operations and provides a flexible and powerful platform for executing attacks.

  8. OWASP CSRF Tester: OWASP CSRF Tester is a tool for testing Cross-Site Request Forgery (CSRF) vulnerabilities in web applications. It can be used to automate the process of sending specially crafted requests to a target application to verify the presence of CSRF vulnerabilities.

  9. Commix: Commix is an automated tool for discovering and exploiting command injection vulnerabilities. It can be used to test the security of web applications by injecting malicious commands into input fields and observing the results.

  10. THC Hydra: THC Hydra is a password cracking tool that can be used to perform brute-force and dictionary attacks against many types of authentication, including web-based login forms. It is particularly effective where authentication relies on a password alone, especially against weak or default credentials with no lockout or rate limiting.

  11. Weevely: Weevely is a web shell tool that can be used to execute arbitrary commands on a target system through a web application. It can be used to take advantage of file upload vulnerabilities to upload a malicious web shell to the target system and then execute arbitrary commands.

Where to test Common vulnerabilities

  • Vulnerable virtual machines: There are a number of deliberately vulnerable virtual machines available for download, such as Metasploitable, the Kioptrix series, and the many images hosted on VulnHub. These VMs simulate a real-world environment with known vulnerabilities and can be used for testing and learning.

  • CTF (Capture the Flag) challenges: Many CTF competitions include challenges that involve exploiting common vulnerabilities. These challenges can be a good way to practice and improve your skills.

  • Online labs: There are also online platforms such as HackTheBox, HackLab, TryHackMe, and Root-Me where you can practice on a range of challenges and scenarios.

  • Bug bounty programs: Participating in bug bounty programs can also be a great way to find and report vulnerabilities. Many companies offer bug bounties as a way to encourage researchers to find and report vulnerabilities in their systems.

Resources for studying Common vulnerabilities

There are many resources available for learning about common vulnerabilities and how to exploit them. Some options include:

  • Online courses: Platforms such as Udemy, Coursera, and edX offer a wide range of courses on cybersecurity, penetration testing, and exploit development.

  • Books: There are many books available on the topic of common vulnerabilities and exploit development, such as “The Web Application Hacker’s Handbook” and “Gray Hat Python”.

  • Conferences and training: Attending cybersecurity conferences, such as Black Hat, DEF CON, and BSides, can be a great way to learn about the latest research and techniques in the field. Many of these conferences also offer training classes on specific topics.

  • YouTube videos: There are many YouTube channels that provide educational videos on cybersecurity, penetration testing, and exploit development, such as LiveOverflow, IppSec and Null Byte.

List of Books on Common vulnerabilities

  • “The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws” by Dafydd Stuttard and Marcus Pinto – This book covers a wide range of web application vulnerabilities and provides detailed information on how to exploit them.

  • “Metasploit: The Penetration Tester’s Guide” by David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni – This book provides a comprehensive introduction to the Metasploit Framework, a popular tool for exploit development and penetration testing.

  • “The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory” by Michael Hale Ligh, Andrew Case, Jamie Levy, and AAron Walters – This book covers the topic of memory forensics, which can be used to detect malware and other advanced threats.

  • “Gray Hat Python: Python Programming for Hackers and Reverse Engineers” by Justin Seitz – This book provides an introduction to Python programming for security professionals and covers topics such as reverse engineering and exploit development.

  • “The Hacker Playbook 3: Practical Guide To Penetration Testing” by Peter Kim – This book provides a comprehensive guide to penetration testing, including information on reconnaissance, scanning, exploitation, and post-exploitation.

  • “SQL Injection Attacks and Defense” by Justin Clarke – This book covers the topic of SQL injection, one of the most common web application vulnerabilities, and provides information on how to defend against such attacks.

  • “Black Hat Python: Python Programming for Hackers and Pentesters” by Justin Seitz – This book provides an introduction to Python programming for security professionals, with a focus on topics such as reverse engineering, exploit development, and penetration testing.

  • “Practical Mobile Forensics” by Heather Mahalik, David Westcott and Jesse Kornblum – This book provides an introduction to mobile device forensics, including information on how to acquire, analyze and report on data from mobile devices.

Useful services for Common vulnerabilities

  • Vulnerability scanners: These tools scan networks and systems to identify known vulnerabilities and provide information on how to fix them. Examples include Nessus, OpenVAS, and Qualys.

  • Penetration testing services: These services simulate real-world attacks to identify vulnerabilities and provide recommendations on how to fix them. Examples include Cobalt, Rapid7, and Trustwave.

  • Security Information and Event Management (SIEM) systems: These systems collect, analyze, and correlate security-related data from multiple sources to identify and respond to security threats in real-time. Examples include Splunk, LogRhythm, and ArcSight.

  • Security Orchestration, Automation and Response (SOAR) platforms: These platforms automate repetitive tasks, such as incident response and threat hunting, to help teams respond to security incidents faster and more efficiently. Examples include Demisto, Swimlane, and Respond Software.

  • Cloud security posture management (CSPM) tools: These tools discover, assess and remediate misconfigurations and vulnerabilities in cloud infrastructure and workloads. Examples include Prisma Cloud, Azure Security Center, and AWS Security Hub.

Mitigations for Common vulnerabilities

  1. Patching: Installing software updates and patches to fix known vulnerabilities.

  2. Network segmentation: Isolating critical systems and sensitive data from less secure systems and networks.

  3. Firewalls: Restricting access to systems and networks by only allowing traffic from known and trusted sources.

  4. Two-factor authentication: Adding an additional layer of security by requiring users to present a second factor (such as a hardware token or authenticator app) before accessing a system or network, so that a guessed, stolen or default password alone is not enough.

  5. Security Information and Event Management (SIEM) systems: Collecting, analyzing, and correlating security-related data from multiple sources to identify and respond to security threats in real-time.

  6. Security Orchestration, Automation and Response (SOAR) platforms: Automating repetitive tasks, such as incident response and threat hunting, to help teams respond to security incidents faster and more efficiently.

  7. Endpoint Protection Platforms (EPP): Software that monitors and protects an organization’s endpoints (i.e. servers, laptops, mobile devices) from malware and other cyber threats.

  8. Application security: Building and testing applications so that they are free from vulnerabilities such as SQL injection and cross-site scripting (XSS), through parameterised queries, context-aware output encoding, input validation, code review and regular security testing.

Conclusion

Common vulnerabilities refer to a set of security weaknesses that are commonly found in software and systems. These vulnerabilities can include issues like SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). These vulnerabilities can be exploited by attackers to gain unauthorized access to systems, steal sensitive data, or execute malicious code. It is important for organizations and individuals to be aware of these common vulnerabilities and take steps to protect against them, such as through regular security testing, secure coding practices, and software updates.
