Exploit Public-Facing Application concepts


Ali Mostafaei

- Let’s talk about how often our targets use services that are vulnerable.

- What do these services include?
  - Plugins
  - Themes
  - Web servers
  - Mail servers → Exchange
  - …

Any time you see the word **version**, treat it as a lead: you can probably exploit that product, because an exact release can be matched against published vulnerabilities.

For example: what is this site using? Elementor. What version? 3.2.3

Since it’s using something that has a version number, I’ll search for that version on Google.

search -> wordpress plugin elementor 3.2.3 vulnerability

(A question: do all vulnerabilities have the potential for exploitation? Does every vulnerability have an exploit? If you are working somewhere, then even if you don’t have the exploit, you should inform them that, according to the documentation, this version of the service is vulnerable, but the exploit has not been made public yet.)

You can look up the CVEs or other vulnerabilities for the versions you found on sites like CVE Details to see what has been disclosed and published.
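The version lookup above, and the point that a vulnerable version should be reported even without a public exploit, can be run from the defender's side against a software inventory. This is an added example, not code from the original article; the function names, the advisory list, the `fixed_in` bound and the second component are constructed sample data to be replaced with values from a real advisory source.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Advisory:
    component: str
    cve: str
    fixed_in: str         # first release that is no longer affected
    public_exploit: bool  # is exploit code known to be public?

# Constructed sample feed. The CVE id is the one named in the article;
# fixed_in is an assumed value, confirm it against the advisory itself.
ADVISORIES = [
    Advisory("elementor", "CVE-2021-24891", "3.4.8", public_exploit=True),
    # Hypothetical component with a placeholder id and no public exploit.
    Advisory("example-theme", "CVE-XXXX-NNNNN", "2.0", public_exploit=False),
]

def parse_version(text):
    """'3.2.3' -> (3, 2, 3). A suffix such as '-beta1' is ignored."""
    parts = []
    for piece in text.strip().lstrip("vV").split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def is_older(installed, fixed_in):
    """Numeric comparison after padding, so 3.4 == 3.4.0 and 3.10 > 3.4."""
    a, b = parse_version(installed), parse_version(fixed_in)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def findings(inventory, advisories=ADVISORIES):
    """Return (component, version, cve, note) for each affected entry."""
    out = []
    for name, version in inventory:
        for adv in advisories:
            if adv.component == name.lower() and is_older(version, adv.fixed_in):
                note = ("public exploit known" if adv.public_exploit
                        else "no public exploit yet, still report")
                out.append((name, version, adv.cve, note))
    return out

if __name__ == "__main__":
    for row in findings([("elementor", "3.2.3"), ("example-theme", "1.9")]):
        print(row)
```

Comparing versions as integer tuples rather than strings matters here: a plain string comparison would rank 3.10.0 below 3.4.8 and flag a patched install.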

Now that we have found a CVE affecting a specific version of Elementor, how do we exploit it?

Copy the name of the vulnerability: CVE-2021-24891 DOM Cross-Site exploit

Then search on Google:

search -> CVE-2021-24891 DOM Cross-Site exploit

We analyze all the Google search results:

I copy this part and add it to the end of my URL. Since the example starts with “example.com”, we don’t copy that; we copy the rest and append it to the target site’s URL.

And the result:

twitter : https://x.com/alimostafaeiorg

writer : alimostafaei
