Comments (12)
Hi @am0o0,
We will review this early next week (most likely Tuesday) with the rest of the team. We will let you know. Don't start the development just yet.
~tooryx
from tsunami-security-scanner-plugins.
@tooryx I'm ready for a ping and I'll implement this as fast as possible.
Hi @am0o0,
Currently we are not sure this plugin would be a good match for Tsunami. We have mainly a concern with the fact that there is no way in Tsunami to receive an email to receive the password reset link.
Let me know your thoughts.
~tooryx
We can use some temp free email services without any need to get API keys, but I don't think it qualifies as a tsunami plugin.
Using a free email service would mean sending vulnerability signals to a third-party service. We should avoid this and keep tsunami standalone (in the sense of external service dependencies) whenever possible.
I think we can use the Gmail API. If we have a config file, I suggest that I have a local config file for this plugin, if it is possible. Otherwise, consider adding a config file to fill in with a Gmail API key (at the user's responsibility, of course), and users allow the plugins to use this. The Gmail API is free and entirely safe.
Checking for new emails is easy too, because we can append a random value at the end of the Gmail address that we want to send the payload to, like [email protected].
@tooryx My idea is to directly detect a specific version match, and if the versions are the same, output the existence of vulnerabilities.
@am0o0: I personally think that this would make Tsunami more complex (especially to deploy) for one vulnerability. But I will check with the rest of the team and keep you both updated;
@hh-hunter: We do not want Tsunami to perform version-matching checks. This type of check is too flaky and has a higher chance for false positive. We want Tsunami to stay a high-quality scanner;
~tooryx
@tooryx If I find a solution that is not a version match and verifies the vulnerability 100%, is the issue written by me and does the prize belong to both of us? Or is there another answer?
@am0o0: I personally think that this would make Tsunami more complex (especially to deploy) for one vulnerability. But I will check with the rest of the team and keep you both updated;
@tooryx Do you think if it is an optional feature, then it makes the Tsunami plugin ecosystem more complex?
@tooryx @am0o0 By utilizing the feature of sending emails, this vulnerability will definitely perform a DNS resolution on the URL of the email. We only need to take advantage of this opportunity to detect OOB domains and determine if there are any DNS requests, which can indicate whether the vulnerability exists. If this plugin implementation is helpful, please consider accepting my suggestion.
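The out-of-band DNS check proposed in the comment above, written out as an added example (this is not code from the thread or from the Tsunami project). The scanner asks the target to send the password-reset email to an address under a unique subdomain of a domain whose authoritative DNS server it controls; if the target's mail server tries to deliver that message, it has to resolve the subdomain first, and that query shows up in the callback server's log. The callback domain `oob.example`, the reset path `/users/password`, the form field `user[email]`, the log-line format and the sample log are all assumptions made for this example.

```python
import re
import secrets
from urllib.parse import urlencode

# Hypothetical: a domain whose authoritative DNS server logs every query it
# receives (the "OOB domain" of the comment above).
OOB_BASE_DOMAIN = "oob.example"


def new_probe_token() -> str:
    """Fresh 16-hex-char token; unique per scan so a hit can only be ours."""
    return secrets.token_hex(8)


def probe_recipient(token: str) -> str:
    """Recipient address the target is asked to mail the reset link to.

    Delivering mail to this address forces the target's mail server to look up
    MX/A records for <token>.oob.example, which is the signal we watch for.
    """
    return f"reset@{token}.{OOB_BASE_DOMAIN}"


def build_reset_request(target_host: str, token: str,
                        path: str = "/users/password",
                        field: str = "user[email]") -> bytes:
    """Raw HTTP/1.1 request for the (hypothetical) password-reset form.

    `path` and `field` are assumptions; a real plugin would take them from the
    application being targeted.
    """
    body = urlencode({field: probe_recipient(token)})
    return (
        f"POST {path} HTTP/1.1\r\n"
        f"Host: {target_host}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n"
        "Connection: close\r\n"
        "\r\n"
        f"{body}"
    ).encode()


# Hypothetical callback-server log format: "<ts> dns <QTYPE> <qname> from <ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) dns (?P<qtype>[A-Z]+) (?P<qname>\S+) from (?P<src>\S+)$"
)


def dns_hits_for(token: str, log_lines) -> list:
    """(qtype, source-ip) for every logged query of our probe subdomain."""
    wanted = f"{token}.{OOB_BASE_DOMAIN}".lower()
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unrelated or malformed line
        qname = m.group("qname").lower().rstrip(".")
        # exact match, or a label below it (a resolver probing a child name)
        if qname == wanted or qname.endswith("." + wanted):
            hits.append((m.group("qtype"), m.group("src")))
    return hits


def is_vulnerable(token: str, log_lines) -> bool:
    """True only if the callback server saw a query for our unique token."""
    return bool(dns_hits_for(token, log_lines))


# Constructed sample data (not a real capture) so the example runs offline.
SAMPLE_TOKEN = "deadbeefdeadbeef"
SAMPLE_LOG = [
    # unrelated query for the base domain: must be ignored
    "2024-03-01T10:00:01Z dns A www.oob.example. from 198.51.100.9",
    # the target's mail server resolving our probe subdomain: the signal
    "2024-03-01T10:00:05Z dns MX deadbeefdeadbeef.oob.example. from 203.0.113.7",
    "2024-03-01T10:00:05Z dns A deadbeefdeadbeef.oob.example from 203.0.113.7",
    # a different scan's token: must not count as a hit for ours
    "2024-03-01T10:00:09Z dns MX 0123456789abcdef.oob.example. from 203.0.113.7",
    "garbage line that should be ignored",
]

if __name__ == "__main__":
    print(build_reset_request("target.example", SAMPLE_TOKEN).decode())
    print("hits:", dns_hits_for(SAMPLE_TOKEN, SAMPLE_LOG))
    print("vulnerable:", is_vulnerable(SAMPLE_TOKEN, SAMPLE_LOG))
```

A hit means the target actually tried to deliver mail to an address the scanner supplied, which is observed behaviour rather than a version string, so it avoids the false positives raised earlier in the thread, and it needs neither an inbox nor a third-party email service. The token has to be fresh per scan; reusing one would let a query from an earlier run count as a hit.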
Hi folks,
You're both suggesting very good ideas. But in all cases, this vulnerability is not a priority at the moment. You both have a few PRs or issues that we are trying to review as part of our backlog, so let's focus on these. We are doing our best to catch up, please bear with us.
~tooryx
Related Issues (20)
- PRP: Request CVE-2023-49070 RCE Vulnerability in Apache OFBiz
- PRP: Dolibarr ERP pre auth rce on default installations works on all versions
- RCE on Ivanti Connect Secure and Ivanti Policy Secure, CVE-2023-46805
- PRP: Atlassian Jira Seraph Authentication Bypass RCE critical (CVE-2022-0540)
- PRP: CVE-2023-20198: Cisco WebUI RCE
- PRP: Atlassian Confluence RCE (CVE-2023-22527)
- PRP: CVE-2021-24155 Wordpress Plugin Backup Guard 1.5.8 - Remote Code Execution
- Additional RCE payloads for Tsunami scanner payload generator
- PRP: Request Jenkins Arbitrary File Read (CVE-2024-23897)
- PRP: Request CVE-2023-7028 Account-Take-Over Vulnerability In Gitlab
- PRP: CVE-2019-8451: Atlassian Jira pre auth SSRF
- PRP: CVE-2020-2096: Jenkins GitLab Hook Plugin XSS
- PRP: Request Apache Ofbiz Authentication Bypass Leads to RCE (CVE-2023-51467)
- PRP: connectwise screenconnect authentication bypass
- PRP: Request Web Application Fingerprint - Grafana
- PRP: Adobe ColdFusion RCE (CVE-2023-26360)
- CVE-2023-5376 - Korenix JetNet TFTP Improper Authentication
- PRP: Request Web Application Fingerprint - Apache Solr
- PRP: JetBrains TeamCity Authentication Bypass (CVE-2023-42793)