言心吾

言心吾's Blog

My words are the voice of my heart

How to quickly find the first vulnerability as a beginner in SRC mining (Part 2)

Introduction

In the previous article, we detailed how beginners can quickly find their first vulnerability in the Security Response Center (SRC) mining process, including methods for mining common vulnerabilities such as SMS bombing, concurrency, CSRF, and privilege escalation. In order to further improve the efficiency and quality of vulnerability mining, we also need to develop good habits.

During the SRC mining process, systematically recording the information of each test site and feature point can not only help us manage the mining process more systematically, but also provide valuable references for subsequent retrospectives and in-depth exploitation. This article will provide a detailed introduction on how to create and use an Excel spreadsheet to record key information in vulnerability mining, as well as share strategies for vulnerability retrospectives and a complete vulnerability mining process, helping you become more efficient and organized in your SRC mining journey.

Using a Spreadsheet to Record the Mining Process and Treasure Sites

In the process of vulnerability mining, it is a good habit to use an Excel spreadsheet to record key information. This not only helps in systematically managing and tracking each test site and its feature points, but also provides valuable data support for subsequent retrospectives.

How to Create a Vulnerability Mining Record Spreadsheet

  1. Site Information

    • Site Name: Record the name of the target site.
    • Site URL: Record the URL of the target site.
  2. Feature Points

    • Feature Name: Record the feature module or specific feature point on the site (such as registration, login, password recovery, etc.).
    • Feature URL: Record the URL of the corresponding feature.
  3. Testing Status

    • Tested: Mark whether the feature has been tested (yes/no).
    • Test Date: Record the date of testing.
  4. Testing Approach

    • Vulnerability Type: Record the possible vulnerability types for the feature (such as CSRF, privilege escalation, SMS bombing, etc.).
    • Testing Method: Record the specific testing methods and approaches.
  5. Result Record

    • Test Result: Record the result of the test (vulnerability found/not found).
    • Vulnerability Details: Provide detailed information about the discovered vulnerability, including description, impact, and exploitation methods.
  6. Account Information

    • Account Type: Record the type of account used during testing (such as regular user, administrator, etc.).
    • Account Information: Record the account used during testing (such as username, password, etc.).
  7. Remarks

    • Other Information: Record any other relevant information or remarks.

Example Spreadsheet

Here is a simplified example of an Excel spreadsheet:

| Site Name | Site URL | Feature Name | Feature URL | Tested | Test Date | Vulnerability Type | Testing Method | Test Result | Vulnerability Details | Account Type | Account Information | Remarks |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Example Site | www.example.com | Registration | /register | Yes | 2024-06-01 | CSRF | Construct malicious request and induce user to click | Vulnerability found | User can be tricked into changing password | Regular user | [email protected] | Smooth testing process |
| Example Site | www.example.com | Login | /login | No | | | | | | | | |
| Example Site | www.example.com | Password Recovery | /reset-password | Yes | 2024-06-02 | SMS bombing | Simulate a large number of SMS requests | No vulnerabilities found | SMS interface has rate limiting | | | |
| Example Site | www.example.com | Transfer | /transfer | Yes | 2024-06-03 | Concurrency | Use multithreading to simulate concurrent transfer requests | Vulnerability found | Amount of transfer can be tampered with | Administrator | [email protected] | Further testing required |

How to Use

  1. Create a Template: Create an Excel template based on the above structure to ensure that it can be used directly when mining new sites.
  2. Regular Updates: Update the spreadsheet promptly after each test, recording the test results and approaches.
  3. Retrospectives and Summaries: Conduct regular retrospectives, analyze the tested features and discovered vulnerabilities, summarize lessons learned, and provide references for subsequent mining.
  4. Sharing and Collaboration: If working in a team, share the spreadsheet and communicate testing approaches and experiences with other team members.
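The sheet above can be kept as a plain CSV with the same thirteen columns, which Excel opens directly and which a script can read back for the retrospective. The following tracker is an added example and not code from the original post; it assumes the two result phrases used in the example table ("Vulnerability found" / "No vulnerabilities found") and builds its sample rows from that table so the summary functions can be checked offline.

```python
"""Minimal tracker for the vulnerability-mining record sheet.

Added example, not the original post's code. The CSV keeps the post's 13
columns in the same order, and two helpers derive what a retrospective needs:
the feature points still untested and the confirmed findings per type.
"""
import csv
import io
from collections import Counter
from datetime import date

# Column order mirrors the spreadsheet structure described in the post.
COLUMNS = [
    "Site Name", "Site URL", "Feature Name", "Feature URL", "Tested", "Test Date",
    "Vulnerability Type", "Testing Method", "Test Result", "Vulnerability Details",
    "Account Type", "Account Information", "Remarks",
]


def new_record(site_name, site_url, feature_name, feature_url, **fields):
    """Build one row with every column present; a key outside COLUMNS is rejected."""
    record = dict.fromkeys(COLUMNS, "")
    record.update({"Site Name": site_name, "Site URL": site_url,
                   "Feature Name": feature_name, "Feature URL": feature_url,
                   "Tested": "No"})
    for key, value in fields.items():
        if key not in COLUMNS:
            raise KeyError(f"unknown column: {key}")
        record[key] = value
    return record


def mark_tested(record, vuln_type, method, found, details="", test_date=None):
    """Fill in a row after a test; the result column uses the post's two phrases."""
    record["Tested"] = "Yes"
    record["Test Date"] = (test_date or date.today()).isoformat()
    record["Vulnerability Type"] = vuln_type
    record["Testing Method"] = method
    record["Test Result"] = "Vulnerability found" if found else "No vulnerabilities found"
    record["Vulnerability Details"] = details
    return record


def to_csv(records):
    """Serialise rows to CSV text (header first) so the sheet opens in Excel."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=COLUMNS)
    writer.writeheader()
    writer.writerows(records)
    return buf.getvalue()


def from_csv(text):
    """Load CSV text back into a list of row dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def untested(records):
    """Feature points still marked Tested=No: the to-do list for the next session."""
    return [f"{r['Site URL']}{r['Feature URL']}" for r in records if r["Tested"] != "Yes"]


def findings_by_type(records):
    """Count confirmed findings per vulnerability type for the retrospective."""
    return Counter(r["Vulnerability Type"] for r in records
                   if r["Test Result"] == "Vulnerability found")


# Constructed sample rows mirroring the example spreadsheet in the post.
SAMPLE = [
    mark_tested(new_record("Example Site", "www.example.com", "Registration", "/register",
                           **{"Account Type": "Regular user"}),
                "CSRF", "Construct malicious request and induce user to click",
                True, "User can be tricked into changing password", date(2024, 6, 1)),
    new_record("Example Site", "www.example.com", "Login", "/login"),
    mark_tested(new_record("Example Site", "www.example.com", "Password Recovery", "/reset-password"),
                "SMS bombing", "Simulate a large number of SMS requests",
                False, "SMS interface has rate limiting", date(2024, 6, 2)),
    mark_tested(new_record("Example Site", "www.example.com", "Transfer", "/transfer",
                           **{"Account Type": "Administrator"}),
                "Concurrency", "Use multithreading to simulate concurrent transfer requests",
                True, "Amount of transfer can be tampered with", date(2024, 6, 3)),
]

if __name__ == "__main__":
    loaded = from_csv(to_csv(SAMPLE))  # round-trip through the CSV the sheet would be stored as
    print("untested:", untested(loaded))
    print("findings:", dict(findings_by_type(loaded)))
```

Because every row carries all thirteen columns, a half-filled entry is caught at write time rather than discovered months later during a retrospective; the two summary functions are the ones worth running before each new mining session.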

Advantages

  1. Systematic Information Management: Clear records of the testing status and results of each site and feature point, avoiding omissions.
  2. Facilitates Retrospectives and Summaries: Systematically record the testing process and approaches, which helps with subsequent retrospectives and experience summaries.
  3. Improves Efficiency: By recording testing methods and approaches, they can be referenced and reused in subsequent similar tests, improving testing efficiency.

In summary, using an Excel spreadsheet to record key information in vulnerability mining is not only a good habit, but also an efficient working method. We hope that the above suggestions can help you better conduct SRC mining and quickly find your first vulnerability.

Vulnerability Retrospectives

Regularly conducting vulnerability retrospectives is crucial in the process of vulnerability mining. Through retrospectives, we can summarize lessons learned, optimize mining strategies, and improve the efficiency and quality of vulnerability discovery. Therefore, it is recommended to develop the habit of writing reports and retrospective documents, and systematically classify and organize them.

Developing the Habit of Writing Reports and Retrospective Documents

  1. Regular Writing: After each vulnerability mining activity, promptly write detailed vulnerability reports and retrospective documents. The report should include vulnerability descriptions, impact analysis, exploitation methods, and remediation recommendations.
  2. Detailed Records: In the report, provide detailed records of the discovery process, testing methods, and results for each vulnerability, ensuring completeness and accuracy of information.
  3. Classification and Organization: Classify and organize the written reports and retrospective documents according to certain standards, making them easier to reference and reuse.

Classification Standards

To better manage and utilize the written reports and retrospective documents, they can be classified according to the following standards:

  1. Ownership Classification

    • edusrc
    • Public Welfare SRC
    • Enterprise SRC
  2. Status Classification

    • Ignored: Includes vulnerabilities that have been confirmed not to pose actual risks.
    • Passed: Records vulnerabilities that have been confirmed and fixed by the target site.
    • Duplicate: Includes vulnerabilities that are valid but had already been reported by someone else (can also be filed under ignored or passed based on personal preference).
    • Desensitized: Records vulnerabilities that require desensitization to ensure sensitive information is not leaked when publicly shared or reported.
  3. Vulnerability Type Classification

    • Classify based on different vulnerability types, such as CSRF, privilege escalation, SMS bombing, concurrency, etc.
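The three standards map naturally onto a folder hierarchy, and the "Desensitized" status is only trustworthy if something actually checks that test-account e-mails, phone numbers, addresses and target hostnames are gone before a report is shared. The following script is an added example, not code from the original post; the folder layout `reports/<ownership>/<status>/<vulnerability type>/` and the masking formats are assumptions, and the report fragment it scans is constructed.

```python
"""File retrospective reports by the post's classification standards and check
desensitization before a report is marked "Desensitized".

Added example, not the original post's code. Layout and masking formats are
assumptions of this example.
"""
import re
from pathlib import PurePosixPath

OWNERSHIP = {"edusrc", "Public Welfare SRC", "Enterprise SRC"}
STATUS = {"Ignored", "Passed", "Duplicate", "Desensitized"}


def report_path(ownership, status, vuln_type, title):
    """reports/<ownership>/<status>/<vuln type>/<title-slug>.md, rejecting unknown labels."""
    if ownership not in OWNERSHIP:
        raise ValueError(f"unknown ownership: {ownership}")
    if status not in STATUS:
        raise ValueError(f"unknown status: {status}")
    slug = re.sub(r"[^a-z0-9]+", "-", title.lower()).strip("-")
    return str(PurePosixPath("reports", ownership, status, vuln_type, f"{slug}.md"))


# Identifiers that most often leak from a test account or target into a report.
PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "cn_mobile": re.compile(r"(?<!\d)1[3-9]\d{9}(?!\d)"),      # 11-digit Chinese mobile number
    "ipv4": re.compile(r"(?<!\d)(?:\d{1,3}\.){3}\d{1,3}(?!\d)"),
}


def _mask_email(m):
    local, _, domain = m.group(0).partition("@")
    return f"{local[0]}***@{domain}"           # keep first letter and domain only


def _mask_phone(m):
    s = m.group(0)
    return s[:3] + "****" + s[-4:]             # 138****8000


def _mask_ip(m):
    a, b, _, _ = m.group(0).split(".")
    return f"{a}.{b}.x.x"                       # keep the /16, drop the host part


MASKERS = {"email": _mask_email, "cn_mobile": _mask_phone, "ipv4": _mask_ip}


def desensitize(text, hostnames=()):
    """Mask e-mails, Chinese mobile numbers, IPv4 addresses and the listed target hostnames."""
    for name, pattern in PATTERNS.items():
        text = pattern.sub(MASKERS[name], text)
    for host in sorted(hostnames, key=len, reverse=True):   # longest names first
        text = text.replace(host, "<target>")
    return text


def leaks(text, hostnames=()):
    """Values still present that should have been masked; an empty list means the
    report can be filed as Desensitized."""
    found = [m.group(0) for p in PATTERNS.values() for m in p.finditer(text)]
    found += [h for h in hostnames if h in text]
    return found


# Constructed report fragment with the kinds of values that must not be shared.
SAMPLE_REPORT = ("Tested /reset-password on portal.example.com with account "
                 "tester01@example.com, phone 13800138000; the backend replied "
                 "from 10.20.30.40.")
TARGETS = ["portal.example.com"]

if __name__ == "__main__":
    clean = desensitize(SAMPLE_REPORT, TARGETS)
    print(clean)
    print("remaining leaks:", leaks(clean, TARGETS))
    print(report_path("Enterprise SRC", "Desensitized", "SMS bombing", "Reset password SMS flood"))
```

Run `leaks()` on the masked text rather than trusting `desensitize()` alone: the check is what justifies the "Desensitized" label, and it also catches values written in a format the masker did not anticipate once you extend `PATTERNS` for a new program.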

Contents of Retrospective Documents

Retrospective documents should include the following contents:

  1. Background Information: Briefly describe the background of vulnerability mining and information about the target site.
  2. Vulnerability Description: Provide detailed descriptions of each vulnerability, including vulnerability types and scope of impact.
  3. Testing Methods: Record the methods and steps used to discover the vulnerabilities, and provide information about the tools and scripts used during testing.
  4. Result Analysis: Analyze the test results, summarize the discovered vulnerabilities and their impact.
  5. Remediation Recommendations: Provide specific remediation recommendations for each vulnerability to help the target site improve its security.
  6. Lessons Learned: Summarize the experience and lessons learned during the mining process, provide improvement suggestions, and provide references for subsequent mining.

By developing the habit of writing reports and retrospective documents, and systematically classifying and organizing them, we can not only help manage vulnerability mining information systematically, but also summarize experience during retrospectives, optimize mining strategies, and improve the efficiency and effectiveness of vulnerability mining. We hope these suggestions can help you better conduct SRC mining and retrospectives.

Vulnerability Mining Process

A systematic vulnerability mining process can help us discover and exploit vulnerabilities more efficiently. Here is a recommended mining process:

  1. Company Research
    First, use tools like "企查查" (Qichacha) to gather basic information about the target company. This can help us better identify the target site and understand its business scope and potential attack surface.

  2. Subdomain Enumeration
    Next, use subdomain enumeration tools to find all subdomains of the target company. Subdomains are often the main targets for attackers because they may not have the same strict security measures as the main site.

  3. Live Host Discovery
    Then, perform live host discovery on all subdomains to confirm which ones are online and can be further tested. Tools like httpx can be used for live host discovery.

  4. Target Weak Points
    Finally, select feature points that appear to have weaker security measures for testing. Typically, registration, login, and other feature points involving user input and sensitive operations are the main targets for attackers.
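Steps 2 to 4 produce lists that are easy to mishandle: an enumeration tool returns lookalike names that are not the company's, a live-host scan answers for hosts the program never authorised, and the feature points worth testing first get buried among static pages. The following script is an added example, not code from the original post; it keeps only subdomains inside an authorised scope, parses httpx-style JSON lines (the field names `url` and `status_code` are an assumption about httpx's JSON output), and orders discovered feature URLs so registration, login and password-reset paths come first. All inputs are constructed.

```python
"""Checkable target list for the subdomain -> live host -> weak point steps.

Added example, not the original post's code. Inputs are constructed; the
httpx JSON field names are an assumption.
"""
import json

# Path keywords for the feature points the post names as the main targets.
WEAK_POINT_HINTS = ("register", "signup", "login", "reset", "password", "forgot", "sms")


def in_scope(host, scope):
    """True if host is an in-scope entry or sits under a wildcard entry such as *.example.com."""
    for entry in scope:
        if entry.startswith("*."):
            base = entry[2:]
            if host == base or host.endswith("." + base):
                return True
        elif host == entry:
            return True
    return False


def filter_subdomains(candidates, scope):
    """Step 2: normalise names, drop duplicates and anything outside the authorised scope."""
    hosts = {h.lower().strip(".") for h in candidates}
    return sorted(h for h in hosts if in_scope(h, scope))


def live_hosts(httpx_jsonl, scope):
    """Step 3: parse httpx-style JSON lines; keep responding hosts that are in scope."""
    live = []
    for line in httpx_jsonl.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        host = rec["url"].split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0]
        # A host that answers is still off limits if the program did not authorise it.
        if "status_code" in rec and in_scope(host, scope):
            live.append(rec)
    return live


def rank_feature_points(urls):
    """Step 4: order feature URLs so paths with user input / sensitive operations come first."""
    def score(url):
        path = url.lower().split("://", 1)[-1].split("/", 1)[-1]
        return sum(hint in path for hint in WEAK_POINT_HINTS)
    return sorted(urls, key=lambda u: (-score(u), u))


# Constructed data: program scope, a raw enumeration result and httpx-like output.
SCOPE = ["*.example.com"]
ENUMERATED = ["www.example.com", "api.example.com", "dev.example.com", "API.example.com",
              "example.com.unrelated.net", "old.example.org"]
HTTPX_OUTPUT = "\n".join(json.dumps(r) for r in [
    {"url": "https://www.example.com", "status_code": 200, "title": "Example"},
    {"url": "https://api.example.com", "status_code": 401, "title": ""},
    {"url": "https://dev.example.com", "status_code": 302, "title": "Login"},
    {"url": "https://example.com.unrelated.net", "status_code": 200, "title": "lookalike"},
])
FEATURE_URLS = ["https://www.example.com/about", "https://www.example.com/register",
                "https://dev.example.com/login", "https://www.example.com/reset-password"]

if __name__ == "__main__":
    print("in-scope subdomains:", filter_subdomains(ENUMERATED, SCOPE))
    print("live in-scope hosts:", [r["url"] for r in live_hosts(HTTPX_OUTPUT, SCOPE)])
    print("test order:", rank_feature_points(FEATURE_URLS))
```

The scope filter is the step most worth keeping even if you replace everything else: it is applied both to the enumeration output and again to the live-host results, so a name that slipped in from a lookalike domain never reaches the spreadsheet as a test target.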

By following this process, we can conduct vulnerability mining in a more targeted manner and increase the success rate of vulnerability discovery.

Conclusion

In the process of SRC vulnerability mining, systematic and organized working methods can not only improve efficiency, but also help us continuously optimize and improve mining strategies. In this article, we discussed how to use an Excel spreadsheet to record key information in vulnerability mining, and shared a complete vulnerability mining process and retrospective strategy.

We hope that through this article, you can master a more systematic and efficient SRC vulnerability mining method, continuously summarize and optimize it in practice, improve your vulnerability mining capabilities, and also hope to help confused beginners quickly go from zero to one and find their own valuable vulnerabilities. Vulnerability mining is a path of continuous learning and exploration. Only by maintaining curiosity and a passion for learning can we go further on this path.

We wish you fruitful results in your SRC mining journey and discover more valuable vulnerabilities!
