0x5t4l1n/hunting
1
0
Fork 0
mirror of https://github.com/0x5t4l1n/hunting.git synced 2026-05-26 11:35:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Restructure repository: Remove OWASP categorization, organize by vulnerability type

Browse Source 
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-01-04 19:01:04 +00:00
parent 274734e91a
commit ba72efbc5e
46 changed files with 341 additions and 323 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Vulnerable-Components/README.md
+25
View File
@@ -0,0 +1,25 @@
# Vulnerable Components
## Description
Using components with known vulnerabilities can lead to serious security breaches. This includes libraries, frameworks, and other software modules that run with the same privileges as the application. Vulnerable components can be exploited to achieve various attacks ranging from data theft to server takeover.
## Common Issues
- Outdated libraries
- Unpatched frameworks
- Deprecated components
- Components with known CVEs
- Unnecessary dependencies
## Common Attack Vectors
- Third-party libraries
- JavaScript frameworks
- Server-side frameworks
- CMS platforms
- Plugins and extensions
- Operating system packages
## Testing Approach
Identify the versions of components used by the application and check them against vulnerability databases for known security issues.
## Resources
See `vulnerable-components-list.txt` for a list of commonly vulnerable components and their indicators.
Vulnerable-Components/vulnerable-components-list.txt
+45
View File
@@ -0,0 +1,45 @@
# Common Vulnerable Components to Check
# JavaScript libraries
jquery-1.x.x (Multiple XSS vulnerabilities)
jquery-2.x.x (Before 2.2.0 - XSS)
angular-1.x.x (Template injection)
lodash-4.17.x (Prototype pollution)
bootstrap-3.x.x (XSS vulnerabilities)
moment.js (ReDoS)
axios-0.18.x (SSRF)
# Java libraries
log4j-2.x (Log4Shell - CVE-2021-44228)
spring-framework-4.x.x (Spring4Shell)
struts-2.x.x (Multiple RCE)
commons-collections-3.x (Deserialization)
jackson-databind (Deserialization issues)
# Python packages
django-1.x.x (Multiple security issues)
flask-0.x.x (Various vulnerabilities)
requests-2.x.x (Security issues)
pillow-<8.3.2 (Path traversal)
pyyaml-<5.4 (Arbitrary code execution)
# PHP libraries
phpmailer-<6.5.0 (RCE)
wordpress-<5.8 (Multiple vulnerabilities)
symfony-<4.4.35 (Various issues)
laravel-<8.75 (Authentication bypass)
# Ruby gems
rails-<6.1.4.2 (Multiple CVEs)
devise-<4.8.0 (Security issues)
nokogiri-<1.11.4 (XXE)
# .NET packages
Newtonsoft.Json-<13.0.1 (Deserialization)
System.Text.Json-<5.0.2 (DoS)
# Version detection strings
Server: Apache/2.4.49 (Vulnerable to path traversal)
X-Powered-By: PHP/7.3.0 (EOL)
X-AspNet-Version: 4.0.30319
Server: nginx/1.10.3 (Outdated)