/* Title: Template Description: Search engine meta data about the finding */
- LAST UPDATED DATE:
- LAST UPDATED BY:
A brief summary of the finding
This is to replace any "level" or "score" because of how much context is needed for a finding to have one, which is beyond the scope of this database.
- List of possible uses for this finding to give real-world uses
- Read files as www-data (or use web server is running as)
- DDoS service
- Code execution (for this one to fly there needs to be a refence proving it)
How does one detect the exploitation of this finding, or detect its presence.
What are some of the ways to fix this finding?
- Link to blog post
- Link to CVE
- Link to Metasploit module
- Link to Nessus/NeXpose/Qualys write up
A write up on how this finding can be exploited with demo code or screen shots
/*
Title: Finding Title
Description: Search engine meta data about the finding
*/
- LAST UPDATED DATE:
- LAST UPDATED BY:
## Summary
A brief summary of the finding
## Capabilities and Risk
This is to replace any "level" or "score" because of how much context is needed
for a finding to have one, which is beyond the scope of this database.
- List of possible uses for this finding to give real-world uses
- Read files as www-data (or use web server is running as)
- DDoS service
- Code execution (for this one to fly there needs to be a refence proving it)
## Detection
How does one detect the exploitation of this finding, or detect its presence.
## Remediation
What are some of the ways to fix this finding?
## References
- Link to blog post
- Link to CVE
- Link to Metasploit module
- Link to Nessus/NeXpose/Qualys write up
## Exploitation
A write up on how this finding can be exploited with demo code or screen shots