Template

  • LAST UPDATED DATE:
  • LAST UPDATED BY:

Summary

A brief summary of the finding

Capabilities and Risk

This is to replace any "level" or "score" because of how much context is needed for a finding to have one, which is beyond the scope of this database.

  • List of possible uses for this finding to give real-world uses
  • Read files as www-data (or use web server is running as)
  • DDoS service
  • Code execution (for this one to fly there needs to be a refence proving it)

Detection

How does one detect the exploitation of this finding, or detect its presence.

Remediation

What are some of the ways to fix this finding?

References

  • Link to blog post
  • Link to CVE
  • Link to Metasploit module
  • Link to Nessus/NeXpose/Qualys write up

Exploitation

A write up on how this finding can be exploited with demo code or screen shots

Copy / Paste:

/*
Title: Finding Title
Description: Search engine meta data about the finding
*/

- LAST UPDATED DATE: 
- LAST UPDATED BY: 

## Summary

A brief summary of the finding

## Capabilities and Risk

This is to replace any "level" or "score" because of how much context is needed
for a finding to have one, which is beyond the scope of this database.

- List of possible uses for this finding to give real-world uses
- Read files as www-data (or use web server is running as)
- DDoS service
- Code execution (for this one to fly there needs to be a refence proving it)

## Detection

How does one detect the exploitation of this finding, or detect its presence.

## Remediation

What are some of the ways to fix this finding?

## References

- Link to blog post
- Link to CVE
- Link to Metasploit module
- Link to Nessus/NeXpose/Qualys write up

## Exploitation

A write up on how this finding can be exploited with demo code or screen shots
Want to contribute? Check out the readme and contribution page or Get in touch!
Last updated on 1st Dec 2015