How I found my first mistake Or why you shouldn’t overlook the obvious.
1 min read
Summary
A novice cyber security worker describes their first experience finding a vulnerability and how they went about it.
They discovered a particular website used the WordPress content management system and consulted a vulnerability scanner, without success.
Instead, they manually checked the plugins and found Contact Form 7 version 5.3.1 was vulnerable; this gave the attacker permission to edit any file via a local edit file path injection vulnerability.
They followed a POC (proof of concept) on Github submitted by dn9uy3n, verifying the code and its effectiveness before attempting to exploit the vulnerability, and subsequently reported the vulnerability to the website owner.
The report was rewarded with a payment of $143.98, and the attacker stressed the importance of not relying solely on automated systems and taking a hands-on approach.