Uploaded bynullowaspmumbai
PPTX, PDF278 views

How i got my first cve

The document describes how the author got their first CVE (Common Vulnerabilities and Exposures) by finding and reporting a stored cross-site scripting (XSS) vulnerability in the PHPMyFAQ framework. They tested a site using the framework, researched known issues, and did their own code analysis to discover an XSS in the question field when adding a new FAQ. They contacted the original team, provided steps to reproduce, and were eventually awarded CVE-2017-7579 for their finding.

Embed presentation

Download to read offline
How I Got My First CVE By Noman Shaikh
Whoami • Noman Shaikh • Computer Science Student @ A.P College • WebApp Sec • Bugbaba.blogspot.com • Reach me @nomanAli181
What is CVE (◑_◑) Common Vulnerabilities and Exposures (CVE) It is a dictionary of common names for publicly known cyber security vulnerabilities. ~ http://cve.mitre.org
How Does It Helps ╍●‿●╍ • Used to identify a Bug on a worldwide level • Makes easy to scan for exploits after Nmap Scan  • Boost your CV (>‿◠)✌
How To Get One ? • Find a security Bug in a product • Contact the vendor • Wait for fix and update • Ask for permission • Ask for CVE from cveform.mitre.org
My Story ✍(◔◡◔) • Found Stored XSS in PHPMyFAQ framework • CVE-2017-7579 • http://www.phpmyfaq.de/security/advisory- 2017-04-02
But How Did I Did It :/ • While testing a site • Found a subdomain that was using PHPMyFAQ • I started looking for known bugs in this Framework • Got CVE-2014-0814 that looked intresting • But no proper discription • What to do ? • Contact the original team :P
• They replied with the poc • But it didn’t worked with that site idk why :/ • Next what to do :__: ? • Either leave it or find a bug your self • I choose the second option ;)
Did setup at my local machine I didn’t wanted to put my time into this So i decided to put scanners to do the work Even After running them for days Got nothing -_-
Next i know php basics so i thought i should do Code analysis It was coded using OOPS conecpt and i knew procedural method only -,,,,,- • The only option i was left is to check it myself • There was a option `Proposal for a new FAQ`
The question field was vulnerable
You Don’t Belive Me :3 Steps to Reproduce : • Login to admin account in one browser • Open the site in another browser • Click on AddFAQ option • Fill the question field with payload • Submit the form • Go to admin dashboard in another browser and click on articles • Activate this FAQ • Go back to site and refresh xss gets executed onmouseover
References : • http://cve.mitre.org • http://www.phpmyfaq.de/security/ • Chirag • Dhiraj • Sharavan • Ishaq
How i got my first cve

More Related Content

PDF
Road map to getting your first cve
byShreya Pohekar
 
PPTX
How I got my First CVE
bynullowaspmumbai
 
PDF
Oh no, was that CSRF #Ouch
byAbhinav Sejpal
 
PDF
GoSec 2015 - Protecting the web from within
byIMMUNIO
 
PDF
RailsConf 2015 - Metasecurity: Beyond Patching Vulnerabilities
byIMMUNIO
 
PDF
State of Web Security RailsConf 2016
byIMMUNIO
 
PDF
AWS Cloud Account Hacked
byAli Raza
 
DOCX
App proposal nathan towel
bymajapamaya
 
Road map to getting your first cve
byShreya Pohekar
 
How I got my First CVE
bynullowaspmumbai
 
Oh no, was that CSRF #Ouch
byAbhinav Sejpal
 
GoSec 2015 - Protecting the web from within
byIMMUNIO
 
RailsConf 2015 - Metasecurity: Beyond Patching Vulnerabilities
byIMMUNIO
 
State of Web Security RailsConf 2016
byIMMUNIO
 
AWS Cloud Account Hacked
byAli Raza
 
App proposal nathan towel
bymajapamaya
 

What's hot

PDF
13 Test Automation Practices You Should be Afraid Of
byJoe Colantonio
 
PDF
Passwords, Attakcks, and Security, oh my!
byMichele Butcher
 
PPT
(In)Secure Ajax-Y Websites With PHP
bychw
 
PPTX
A Sampling of Tools
byDawn Code
 
PDF
Testers, get into security bug bounties!
byeusebiu daniel blindu
 
PPTX
Why I Hope ENCompass Continues to Fail
byAlan Manifold
 
PDF
DMA - Stupid Cyber Criminal Tricks
byThreatReel Podcast
 
13 Test Automation Practices You Should be Afraid Of
byJoe Colantonio
 
Passwords, Attakcks, and Security, oh my!
byMichele Butcher
 
(In)Secure Ajax-Y Websites With PHP
bychw
 
A Sampling of Tools
byDawn Code
 
Testers, get into security bug bounties!
byeusebiu daniel blindu
 
Why I Hope ENCompass Continues to Fail
byAlan Manifold
 
DMA - Stupid Cyber Criminal Tricks
byThreatReel Podcast
 

Similar to How i got my first cve

PDF
Secure PHP Coding
byNarudom Roongsiriwong, CISSP
 
PDF
2600 Thailand #50 From 0day to CVE
byPongtorn Angsuchotmetee
 
PDF
Php vulnerability presentation
bySqa Enthusiast
 
PPTX
How to discover 1352 Wordpress plugin 0days in one hour (not really)
byLarry Cashdollar
 
PDF
My tryst with sourcecode review
byAnant Shrivastava
 
PDF
WordCamp Milwaukee 2012 - Aaron Saray - Secure Wordpress Coding
byAaron Saray
 
PDF
Security Vulnerabilities: How to Defend Against Them
byMartin Vigo
 
PPTX
Something Died Inside Your Git Repo
byCliff Smith
 
PDF
Intro to Php Security
byDave Ross
 
PPTX
How to discover 1352 Wordpress plugin 0days in one hour (not really)
byLarry Cashdollar
 
PDF
Owasp top 10 web application security hazards part 2
byAbhinav Sejpal
 
PDF
Web Security attacks and defense
byJose Mato
 
PPTX
Secure programming with php
byMohmad Feroz
 
ODP
XSS
byHrishikesh Mishra
 
PDF
How not to suck at Cyber Security
byChris Watts
 
PDF
Penetration Testing Report
byAman Srivastava
 
PPT
XSS Primer - Noob to Pro in 1 hour
bysnoopythesecuritydog
 
PDF
Web app development_php_07
byHassen Poreya
 
PPTX
VAPT PRESENTATION full.pptx
byDARSHANBHAVSAR14
 
PDF
PHP
byPotter
 
Secure PHP Coding
byNarudom Roongsiriwong, CISSP
 
2600 Thailand #50 From 0day to CVE
byPongtorn Angsuchotmetee
 
Php vulnerability presentation
bySqa Enthusiast
 
How to discover 1352 Wordpress plugin 0days in one hour (not really)
byLarry Cashdollar
 
My tryst with sourcecode review
byAnant Shrivastava
 
WordCamp Milwaukee 2012 - Aaron Saray - Secure Wordpress Coding
byAaron Saray
 
Security Vulnerabilities: How to Defend Against Them
byMartin Vigo
 
Something Died Inside Your Git Repo
byCliff Smith
 
Intro to Php Security
byDave Ross
 
How to discover 1352 Wordpress plugin 0days in one hour (not really)
byLarry Cashdollar
 
Owasp top 10 web application security hazards part 2
byAbhinav Sejpal
 
Web Security attacks and defense
byJose Mato
 
Secure programming with php
byMohmad Feroz
 
XSS
byHrishikesh Mishra
 
How not to suck at Cyber Security
byChris Watts
 
Penetration Testing Report
byAman Srivastava
 
XSS Primer - Noob to Pro in 1 hour
bysnoopythesecuritydog
 
Web app development_php_07
byHassen Poreya
 
VAPT PRESENTATION full.pptx
byDARSHANBHAVSAR14
 
PHP
byPotter
 

More from nullowaspmumbai

PPTX
Xxe
bynullowaspmumbai
 
PDF
ELK in Security Analytics
bynullowaspmumbai
 
PPTX
Switch security
bynullowaspmumbai
 
PPTX
Radio hacking - Part 1
bynullowaspmumbai
 
PPTX
Power forensics
bynullowaspmumbai
 
PPTX
Infrastructure security & Incident Management
bynullowaspmumbai
 
PPTX
Middleware hacking
bynullowaspmumbai
 
PPTX
Internet censorship circumvention techniques
bynullowaspmumbai
 
PPTX
Adversarial machine learning updated
bynullowaspmumbai
 
PPTX
Commix
bynullowaspmumbai
 
PPTX
Adversarial machine learning
bynullowaspmumbai
 
PPTX
Dll Hijacking
bynullowaspmumbai
 
PPTX
Abusing Target
bynullowaspmumbai
 
PDF
NTFS Forensics
bynullowaspmumbai
 
PPTX
Drozer - An Android Application Security Tool
bynullowaspmumbai
 
PPTX
Middleware hacking
bynullowaspmumbai
 
PDF
Ganesh naik linux_kernel_internals
bynullowaspmumbai
 
PDF
Buffer overflow null
bynullowaspmumbai
 
PDF
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
bynullowaspmumbai
 
PDF
Null mumbai Session on ransomware by_Aditya Jamkhande
bynullowaspmumbai
 
Xxe
bynullowaspmumbai
 
ELK in Security Analytics
bynullowaspmumbai
 
Switch security
bynullowaspmumbai
 
Radio hacking - Part 1
bynullowaspmumbai
 
Power forensics
bynullowaspmumbai
 
Infrastructure security & Incident Management
bynullowaspmumbai
 
Middleware hacking
bynullowaspmumbai
 
Internet censorship circumvention techniques
bynullowaspmumbai
 
Adversarial machine learning updated
bynullowaspmumbai
 
Commix
bynullowaspmumbai
 
Adversarial machine learning
bynullowaspmumbai
 
Dll Hijacking
bynullowaspmumbai
 
Abusing Target
bynullowaspmumbai
 
NTFS Forensics
bynullowaspmumbai
 
Drozer - An Android Application Security Tool
bynullowaspmumbai
 
Middleware hacking
bynullowaspmumbai
 
Ganesh naik linux_kernel_internals
bynullowaspmumbai
 
Buffer overflow null
bynullowaspmumbai
 
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
bynullowaspmumbai
 
Null mumbai Session on ransomware by_Aditya Jamkhande
bynullowaspmumbai
 

Recently uploaded

PDF
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
PDF
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
PDF
December Patch Tuesday
byIvanti
 
PDF
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
PPTX
The Landscape of Computer Software Development Companies
byYash Singh
 
PDF
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
PDF
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
PDF
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
PPTX
Combining Induction and Transduction for Abstract Reasoning.pptx
byallen578468
 
PDF
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
PPTX
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
PDF
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PDF
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
December Patch Tuesday
byIvanti
 
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
The Landscape of Computer Software Development Companies
byYash Singh
 
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
Combining Induction and Transduction for Abstract Reasoning.pptx
byallen578468
 
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 

How i got my first cve

  • 1.
    How I GotMy First CVE By Noman Shaikh
  • 2.
    Whoami • Noman Shaikh •Computer Science Student @ A.P College • WebApp Sec • Bugbaba.blogspot.com • Reach me @nomanAli181
  • 3.
    What is CVE(◑_◑) Common Vulnerabilities and Exposures (CVE) It is a dictionary of common names for publicly known cyber security vulnerabilities. ~ http://cve.mitre.org
  • 4.
    How Does ItHelps ╍●‿●╍ • Used to identify a Bug on a worldwide level • Makes easy to scan for exploits after Nmap Scan  • Boost your CV (>‿◠)✌
  • 5.
    How To GetOne ? • Find a security Bug in a product • Contact the vendor • Wait for fix and update • Ask for permission • Ask for CVE from cveform.mitre.org
  • 7.
    My Story ✍(◔◡◔) •Found Stored XSS in PHPMyFAQ framework • CVE-2017-7579 • http://www.phpmyfaq.de/security/advisory- 2017-04-02
  • 8.
    But How DidI Did It :/ • While testing a site • Found a subdomain that was using PHPMyFAQ • I started looking for known bugs in this Framework • Got CVE-2014-0814 that looked intresting • But no proper discription • What to do ? • Contact the original team :P
  • 10.
    • They repliedwith the poc • But it didn’t worked with that site idk why :/ • Next what to do :__: ? • Either leave it or find a bug your self • I choose the second option ;)
  • 11.
    Did setup atmy local machine I didn’t wanted to put my time into this So i decided to put scanners to do the work Even After running them for days Got nothing -_-
  • 12.
    Next i knowphp basics so i thought i should do Code analysis It was coded using OOPS conecpt and i knew procedural method only -,,,,,- • The only option i was left is to check it myself • There was a option `Proposal for a new FAQ`
  • 13.
    The question fieldwas vulnerable
  • 14.
    You Don’t BeliveMe :3 Steps to Reproduce : • Login to admin account in one browser • Open the site in another browser • Click on AddFAQ option • Fill the question field with payload • Submit the form • Go to admin dashboard in another browser and click on articles • Activate this FAQ • Go back to site and refresh xss gets executed onmouseover
  • 16.
    References : • http://cve.mitre.org •http://www.phpmyfaq.de/security/ • Chirag • Dhiraj • Sharavan • Ishaq