Orel Gispan

Small Winds - No. 03

A personal mini blog about infosec and life

Previously, I mentioned my interest in improving my knowledge of browser internals and application security.

Although I am working on this in the background (and probably should invest more time in it), I also know it is crucial for me to strengthen my skills in cloud-native technologies and cloud platform security. So I have started studying for the Docker Certified Associate certification (https://github.com/Evalle/DCA). I will probably finish it by the start of next month.



Weekly Thoughts and Updates


Comparing Link Finder Tools

  • I compared the results of 'JS Link Finder', 'LinkFinder', and 'JS Miner'.

    It seems that the vast majority of the time, 'JS Link Finder' finds paths that the others do not.

    However, there were instances where 'LinkFinder' found a couple of URL paths that 'JS Link Finder' didn't discover.

    'JS Miner' did not find anything almost all of the time, but when it did find API paths, they were very useful information that the others did not find.


  • Personally, when full coverage isn't very important, I would prefer using 'JS Link Finder' and 'JS Miner', as almost all the time the first two tools found the same things, while 'JS Link Finder' performed a bit better.


Comparing Tools to Potentially Find a CVE

  • While doing this comparison, I found an interesting URL path that led to some kind of administrative feature that potentially allows me to add and remove servers, view IPs, ports, names, and maybe other things as well.

    Since this path is related to a certain product, other web applications are vulnerable to this issue as well. I want to check this further and maybe request a CVE number for this.


Related CTF Challenge

  • As a coincidence, last weekend I tried a certain CTF challenge (SnakeCTF - Affekot) that was related to this topic. The web application used Next.js, and one of the URL paths was a page for developers to register an admin user. After that, it was easy to get the flag.


Web Timing Attacks

  • I've finished James Kettle's article about timing attacks, and it was super interesting. This issue or type of attack is probably relevant to a huge amount of web applications, much like how SQL injection was very common years ago.


    James integrated his research into various Burp Suite tools, so it's also easy to find these vulnerabilities now.

    I've only tried it a few times and have already found this issue in a web application.



A Few Other Notes

  • I had the chance to gain some experience with a Java Spring environment, so I learned a few new things about it, which was pretty fun.

  • I received a CVE number for the vulnerability I mentioned in the past. The next step is to contact the vendor.

  • I haven't heard anything new about the LFD vulnerability I found and sent through the VDP. I'll wait a week or two and see if there's any update.
