Skip to content

Latest commit

 

History

History
85 lines (55 loc) · 1.85 KB

TEMPLATE.md

File metadata and controls

85 lines (55 loc) · 1.85 KB

/* Title: Template Description: Search engine meta data about the finding */

  • LAST UPDATED DATE:
  • LAST UPDATED BY:

Summary

A brief summary of the finding

Capabilities and Risk

This is to replace any "level" or "score" because of how much context is needed for a finding to have one, which is beyond the scope of this database.

  • List of possible uses for this finding to give real-world uses
  • Read files as www-data (or use web server is running as)
  • DDoS service
  • Code execution (for this one to fly there needs to be a refence proving it)

Detection

How does one detect the exploitation of this finding, or detect its presence.

Remediation

What are some of the ways to fix this finding?

References

  • Link to blog post
  • Link to CVE
  • Link to Metasploit module
  • Link to Nessus/NeXpose/Qualys write up

Exploitation

A write up on how this finding can be exploited with demo code or screen shots

Copy / Paste:

/*
Title: Finding Title
Description: Search engine meta data about the finding
*/

- LAST UPDATED DATE: 
- LAST UPDATED BY: 

## Summary

A brief summary of the finding

## Capabilities and Risk

This is to replace any "level" or "score" because of how much context is needed
for a finding to have one, which is beyond the scope of this database.

- List of possible uses for this finding to give real-world uses
- Read files as www-data (or use web server is running as)
- DDoS service
- Code execution (for this one to fly there needs to be a refence proving it)

## Detection

How does one detect the exploitation of this finding, or detect its presence.

## Remediation

What are some of the ways to fix this finding?

## References

- Link to blog post
- Link to CVE
- Link to Metasploit module
- Link to Nessus/NeXpose/Qualys write up

## Exploitation

A write up on how this finding can be exploited with demo code or screen shots