
Adding new "Exploit" sources

Question asked by derekv on Feb 14, 2019
Latest reply on Feb 19, 2019 by Busby

Has Qualys put thought into expanding the source of exploits to include GitHub? We are seeing more and more researchers putting POC code out there on GitHub, yet most of the time Qualys notes "No exploitability" for the QID since it isn't on one of their 8 sources they account for.

 

Or, if Qualys doesn't want to acknowledge the POC as an exploit (which I could understand since it may or may not be armed or fully baked), has there been thought to a new field for "POC Available" or something along those lines? Before I put a FR in I wanted to put some feelers out and see if this has already been discussed or not and if other Qualys users would also be interested.

 

Example: QID 53021. That is the QID for the vuln noted as PrivExchange (Abusing Exchange: One API call away from Domain Admin - dirkjanm.io). POC code exists (GitHub - dirkjanm/PrivExchange: Exchange your privileges for Domain Admin privs by abusing Exchange) and I have already seen many reports of red teamers and pentest folks using this on engagements with great success. However, the QID is a sev 3 with no exploit per Qualys. If I am looking at that without background of the vuln, it seems a little less scary if just viewing it in Qualys. If I dig into the vuln and look at industry write-ups and whatnot, it tells a different story... I know that the sev is based on CVSS score ranges and I am not saying that needs to/should change. Food for thought.

 

 
