Never Trust Your Victim: Weaponizing Vulnerabilities in Security Scanners
Cryptography and Security
2020-06-18 v1
Abstract
The first step of every attack is reconnaissance, i.e., to acquire information about the target. A common belief is that there is almost no risk in scanning a target from a remote location. In this paper we falsify this belief by showing that scanners are exposed to the same risks as their targets. Our methodology is based on a novel attacker model where the scan author becomes the victim of a counter-strike. We developed a working prototype, called RevOK, and we applied it to 78 scanning systems. Out of them, 36 were found vulnerable to XSS. Remarkably, RevOK also found a severe vulnerability in Metasploit Pro, a mainstream penetration testing tool.
Keywords
Cite
@article{arxiv.2006.09769,
title = {Never Trust Your Victim: Weaponizing Vulnerabilities in Security Scanners},
author = {Andrea Valenza and Gabriele Costa and Alessandro Armando},
journal= {arXiv preprint arXiv:2006.09769},
year = {2020}
}
Comments
Accepted at RAID 2020