Shulou(Shulou.com)05/31 Report--

This article introduces you how to easily get the CNVD original loophole certificate, the content is very detailed, interested friends can refer to, hope to be helpful to you.

0x01 CNVD certificate acquisition condition 1. Event type

Event-based loopholes must be medium-and high-risk loopholes of the three major operators (China Mobile, China Unicom and Telecom). Or high-risk event loopholes of party and government organs, important industry units, scientific research institutes, important enterprises and institutions (such as: large state-owned enterprises of the central government, institutions directly under ministries and commissions, etc.) will issue original loophole certificates.

two。 Universal type

Here, we mainly introduce the method of obtaining general-purpose vulnerability certificates. General-purpose certificate issuance requires medium-and high-risk vulnerabilities with a vulnerability score of not less than 4.0 (to put it bluntly, low-risk certificate is not issued). General-purpose certificate acquisition methods need to meet two conditions:

1) at least ten vulnerability proof cases need to be given (for example, if SQL injection exists in all ten websites under a site-building platform, you need to provide the URL of these ten websites. The specific vulnerability reproduction method needs to reproduce at least 3 or 5 vulnerabilities in the doc file you upload, and the rest only need to attach the URL).

2) the loopholes found should correspond to a large number of company size and registered capital, otherwise the loopholes that may be submitted will be shot down (CNVD requires that the registered capital of the company must be not less than 50 million, but in practice it may not need so many, as long as it is not too small).

How do 0x02 rookies find general vulnerabilities 1. Find loopholes through the platform of building stations.

In our daily process of digging holes, we may have missed many opportunities to get a certificate, so we must be careful if we want to get a certificate. At the bottom of the website, we can easily see the word of technical support category. This may be the manufacturer that provides technical support, or it may be some other company that builds the platform.

Through Google search vendors, we can easily find this manufacturer and find that it is a site-building platform, because there is SQL injection in the above website, so sites that have used this site platform template may have injection. This is a way to get a license. Is there a feeling of missing one hundred thousand certificates?

two。 Using search engine to find weak passwords for security products of major manufacturers

Here we must make good use of search engines such as Google and Fofa to understand the grammar rules of these search engines. Because these search engines allow us to find vulnerabilities quickly and save us a lot of work.

Most of the products of major manufacturers have a weak password when they leave the factory, and most products, including security products, will not be forced to change the password after login, so many security products or network devices have the problem of weak password. At this time, we can search for some devices that have been mapped to the public network through Fofa.

Through FOfa we can find security products, we can find the weak password of the corresponding device through Google search, and if we are lucky, admin/admin will go in. Then we can collect more than ten devices that can be logged in with a weak password to submit CNVD, and the boss can find more and more valuable loopholes through weak password.

3. Discovery of vulnerabilities through white-box audit CMS

This way requires a certain degree of code audit skills, and is not suitable for rookies. But through the continuous efforts in the later stage, it can certainly be realized, after all, beating workers also have a dream!

By discovering the website framework or CMS used in the website, we can get the website source code from search engines such as GitHub or Google for code audit to find the loopholes in the code.

0x03 CNVD Certificate approval process

CNVD certificate issuing process is divided into: first-level audit, second-level audit, vulnerability verification, vulnerability disposal, three-level audit, vulnerability archiving.

Here, the third-level audit is the process of reproducing the loopholes submitted by CNVD, and it is also the most important step. Generally, both the first and second trials will pass. Whether you can get the certificate or not depends on whether the third-level audit can be passed. As long as you pass the third-level audit, you will get the basic certificate.

Now the CNVD audit seems to be faster, from submitting the vulnerability to getting the certificate usually takes about half a month.

Finally, two newly obtained certificates are attached to help the fun.

On how to easily win the CNVD original vulnerability certificate to share here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.