#pentest
Radware's vulnerability research team analysed the most common web-service exploits of 2020 and ranked them in descending order of prevalence:
1. /ws/v1/cluster/apps/new-application
Apache Hadoop Unauthenticated Command Execution via YARN ResourceManager.
2. /manager/html
Apache Tomcat Manager Application Upload Authenticated Code Execution.
3. /level/15/exec/-/sh/run/CR
Cisco routers without authentication on the HTTP interface.
4. /admin/assets/js/views/login.js
Sangoma FreePBX – multiple vulnerabilities.
5. /ftptest.cgi?loginuse=&loginpas=
WIFICAM web camera – multiple vulnerabilities.
6. /service/extdirect
Sonatype Nexus Repository Manager – Remote Code Execution.
7. /solr/admin/info/system?wt=json
Apache Solr – Directory traversal vulnerability.
8. /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
PHPUnit testing framework for PHP – Remote Code Execution.
9. /hudson
Hudson continuous integration tool – multiple vulnerabilities.
Don't forget to check your own services.
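A quick way to act on this list is to run it against your own web-server access logs: any request for one of these paths is a probe, and a 2xx/3xx response to one of them means the endpoint is actually reachable from outside and needs attention. The following is an added example (not from the Radware post or from any of the listed projects); the log lines are constructed, and the signature table is just the nine paths above (query strings stripped) mapped to the product each targets.

```python
import re
from urllib.parse import unquote, urlsplit

# The nine URIs from the Radware 2020 list, without query strings,
# paired with the product they target.
SIGNATURES = [
    ("/ws/v1/cluster/apps/new-application", "Apache Hadoop YARN ResourceManager unauthenticated RCE"),
    ("/manager/html", "Apache Tomcat Manager application"),
    ("/level/15/exec/-/sh/run/CR", "Cisco router HTTP interface without authentication"),
    ("/admin/assets/js/views/login.js", "Sangoma FreePBX"),
    ("/ftptest.cgi", "WIFICAM web camera"),
    ("/service/extdirect", "Sonatype Nexus Repository Manager RCE"),
    ("/solr/admin/info/system", "Apache Solr"),
    ("/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "PHPUnit eval-stdin.php RCE"),
    ("/hudson", "Hudson CI"),
]

# Apache/nginx "combined" log format; only the leading fields are needed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) '
)

# Constructed sample log (not real traffic); RFC 5737 documentation addresses.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Jan/2021:10:01:02 +0000] "POST /ws/v1/cluster/apps/new-application HTTP/1.1" 404 169 "-" "python-requests/2.25.1"
203.0.113.5 - - [12/Jan/2021:10:01:03 +0000] "GET /manager/html HTTP/1.1" 401 2473 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Jan/2021:10:02:10 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 200 1583 "-" "curl/7.68.0"
198.51.100.7 - - [12/Jan/2021:10:02:11 +0000] "GET /%76endor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 169 "-" "-"
192.0.2.9 - - [12/Jan/2021:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Jan/2021:10:03:05 +0000] "GET //hudson/script HTTP/1.1" 403 0 "-" "-"
"""


def normalize_path(target):
    """Reduce a request target to a comparable path.

    Strips query/fragment, percent-decodes (so /%76endor becomes /vendor),
    collapses repeated slashes (so //hudson becomes /hudson) and drops a
    trailing slash. Absolute-form targets (proxy-style "http://host/path")
    are reduced to their path component.
    """
    if "://" in target:
        path = urlsplit(target).path
    else:
        path = target.split("?", 1)[0].split("#", 1)[0]
    path = unquote(path)
    path = re.sub(r"/+", "/", path)
    return path.rstrip("/") or "/"


def scan_log(lines):
    """Return one hit dict per log line whose path matches a signature.

    A signature matches on the exact path or on any sub-path below it,
    so /hudson/script is reported as a Hudson probe.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = normalize_path(m["target"])
        for sig, label in SIGNATURES:
            if path == sig or path.startswith(sig + "/"):
                hits.append({
                    "ip": m["ip"],
                    "path": path,
                    "status": int(m["status"]),
                    "label": label,
                })
                break
    return hits


def exposed_endpoints(hits):
    """Signatures that the server answered with a non-error status.

    A 404/401/403 shows someone probed for the path; a 2xx/3xx shows the
    endpoint really is reachable and should be reviewed or firewalled.
    """
    return sorted({(h["path"], h["label"]) for h in hits if h["status"] < 400})


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG.splitlines())
    for h in found:
        print(f'{h["ip"]:<14} {h["status"]} {h["path"]}  <- {h["label"]}')
    print("reachable:", exposed_endpoints(found))
```

Run it over a real log with `scan_log(open("/var/log/nginx/access.log").read().splitlines())`. Two caveats: /manager/html and /solr/admin/info/system are legitimate admin endpoints, so a hit there only tells you the path is being probed (and, if the status is 200, that it is reachable without the expected authentication or network restriction), not that it was exploited; and a prefix match on a short path such as /hudson will also fire on an unrelated application mounted under the same name, so review the reachable list by hand rather than alerting on it blindly.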