For continuous coverage, we push out major Detectify updates every two weeks, keeping our tool up to date with new findings, features and improvements sourced from our researchers and Crowdsource ethical hacker community. Due to confidentiality agreements, we cannot publicize all update releases here, but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

Magento Unauthenticated SQL Injection

The recent Magento SQL injection that made a lot of news was submitted to us together with a proper proof of concept. That means we are able to actually test for the vulnerability, instead of just looking at the installed version of Magento. This minimizes false positives and produces a much more accurate report.

WordPress wp--maps SQL Injection

This was reported to us as a 0-day at the same time as the researcher notified the developers of the plugin. The plugin vendor acted quickly, and the patch for the plugin was released two days ago, as can be seen in the changelog. A big thank you to the Crowdsource researcher Thomas Chauchefoin, who found and reported the vulnerability.

Google Maps Unrestricted API Key

Google Maps provides an API for site owners who want to embed a map on their website. The API key can be configured in several different ways, and if it is not restricted to a specific domain when it is set up, it is possible for other websites to embed a map using your API key. This is a paid API, so abuse of the key could drastically increase your bill to Google, or exhaust your quota and prevent the map from functioning on your own site.

Git Daemon Exposure

Not only do people accidentally expose Git-related configuration files, some also accidentally expose a Git daemon itself (the git:// protocol, normally on TCP port 9418). When this happens, an attacker can connect to it and download the source code of every repository the daemon exports.
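As an added example (not Detectify's own code), assuming only the standard git:// wire protocol on TCP 9418: a small Python probe that sends the upload-pack request and classifies the daemon's reply, so you can confirm whether one of your own hosts is exposing a Git daemon and an exported repository. The sample replies at the bottom are constructed, not captured from a real host.

```python
import socket

def pkt_line(payload: bytes) -> bytes:
    """Encode one git pkt-line: 4 hex digits of total length (payload + 4), then the payload."""
    return f"{len(payload) + 4:04x}".encode() + payload

def upload_pack_request(repo_path: str, host: str) -> bytes:
    """The first packet a git:// client sends; the daemon answers with a ref advertisement."""
    return pkt_line(f"git-upload-pack {repo_path}\0host={host}\0".encode())

def parse_pkt_lines(data: bytes):
    """Yield payloads from a pkt-line stream until a '0000' flush-pkt or the end of data."""
    i = 0
    while i + 4 <= len(data):
        length = int(data[i:i + 4], 16)
        if length == 0:            # flush-pkt ends the advertisement
            return
        yield data[i + 4:i + length]
        i += length

def classify_advertisement(data: bytes):
    """Turn the daemon's reply into ('exposed', {ref: sha}), ('denied', message) or ('empty', {})."""
    refs = {}
    for line in parse_pkt_lines(data):
        line = line.split(b"\0", 1)[0].rstrip(b"\n")   # drop the capability list after the NUL
        if line.startswith(b"ERR "):                  # daemon reachable, repo not exported
            return "denied", line[4:].decode(errors="replace")
        sha, _, name = line.partition(b" ")
        if len(sha) == 40 and name:
            refs[name.decode()] = sha.decode()
    return ("exposed", refs) if refs else ("empty", refs)

def probe_git_daemon(host: str, repo_path: str, port: int = 9418, timeout: float = 5.0):
    """Connect to host:port and classify the reply; ('closed', reason) if nothing answers."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(upload_pack_request(repo_path, host))
            data = s.recv(65536)   # the first chunk holds HEAD or the ERR line, enough to classify
    except OSError as e:
        return "closed", str(e)
    return classify_advertisement(data)

# Constructed sample replies (not captured from any real host), for offline use.
SAMPLE_SHA = "a" * 40
SAMPLE_EXPOSED = (pkt_line(f"{SAMPLE_SHA} HEAD\0multi_ack side-band-64k\n".encode())
                  + pkt_line(f"{SAMPLE_SHA} refs/heads/main\n".encode()) + b"0000")
SAMPLE_DENIED = pkt_line(b"ERR access denied or repository not exported: /repo.git\n")
```

Run `probe_git_daemon("git.example.internal", "/project.git")` against your own hosts; a result of "exposed" or "denied" means the daemon is reachable and should be firewalled or its export list reviewed.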


Questions or comments on our latest security updates? Let us know in the comments section below.

Begin a scan for the latest vulnerabilities today. Start a free trial with Detectify here!

Already have an account? Log in to check your assets.

Detectify is a continuous web scanner monitoring service that can be set up for automated scanning for 00+ known vulnerabilities including the OWASP . Check for the latest vulnerabilities!
