How I got my first CVE - CVE-2017-15872
Hello All, INTRODUCTION The purpose of this post is to let you know how I managed to get my first CVE and more importantly how you as a reader can adopt a similar strategy to earn a CVE against your name. Throughout this post, I will give you relevant examples/screenshots that demonstrates how I ended up finding the vulnerability and tips that are extremely handy. Alright, lets plunge into the Proof-Of-Concept ! PATH OF EXPLORATION I was searching for an open source CMS based application which can help me in testing for some bugs for learning purpose. I stumbled upon phpwcms application which I found interesting and immediately downloaded the same. After configuring the application I started to create dummy pages for testing. A few minutes later I came across a page where the administrator has the privilege to create users in phpwcms. I found out that the username field does not properly filter / sanitize the user input which thus, resulted into a ...