Peace be upon you, and the mercy and blessings of God.
CVE, short for Common Vulnerabilities and Exposures, is a list of publicly disclosed computer security flaws. When someone refers to a CVE, they mean a security flaw that’s been assigned a CVE ID number.
Security advisories issued by vendors and researchers almost always mention at least one CVE ID. CVEs help IT professionals coordinate their efforts to prioritize and address these vulnerabilities to make computer systems more secure.
Example
The initial step involves identifying all websites that utilize the affected product.
Subsequently, we filter all the domains after downloading them from Shodan to preliminarily check if they are affected or not.
After that, we search the internet for proof-of-concept (PoC) exploits for the vulnerability to determine how it can be exploited.
We utilize the proof-of-concept exploit to target the objective.
We begin executing the steps to exploit the vulnerability and verify its presence.
The target is indeed affected by the vulnerability. We are now attempting to upload a PHP shell code to gain control of the website.
The purpose of this write-up is educational. It aims to provide a detailed, step-by-step guide for identifying and exploiting vulnerabilities to enhance understanding and awareness of cybersecurity practices and techniques.
Do not leave free time empty; fill it with whatever keeps free time from being empty.