Kingdom: Environment
This section includes everything that is outside of the source code but is still critical to the security of the product that is being created. Because the issues covered by this kingdom are not directly related to source code, we separated it from the rest of the kingdoms.
Information Discovery: Content Management System
Abstract
Reconnaissance is a necessary precursor to any successful attack against an application. Attackers can use fingerprinting probes to identify the CMS used by the target application.
Explanation
Third-party applications that include content management systems with known vulnerabilities expand the attack surface available to the attacker. Deploying an unpatched or vulnerable version of a CMS can enable attackers to compromise the target by exploiting known vulnerabilities against the detected CMS.
Reconnaissance is a necessary precursor to any successful attack against an application. Attackers can use fingerprinting probes to identify the CMS used by the target application. This information can be used to:
- Devise attacks focused on exploiting known vulnerabilities reported against the detected CMS
- Test for default configuration properties that could lead to security weaknesses
desc.dynamic.xtended_preview.information_discovery_content_management_system