Known web vulnerabilities can now be exploited automatically and reliably
What happened
A new automated system can find and exploit known weaknesses in web applications much more effectively than before. As a result, many web applications that use common third-party components are now much easier to hack through vulnerabilities that are already known.
Why it matters
For years, web application operators could rely on the fact that even if a vulnerability was known, exploiting it often required manual effort. The paper behind the system shows that automated tools can now do that work with a high success rate, shrinking the window for patching and increasing the risk of widespread attacks. It shifts the burden: if a flaw is known, assume it will be exploited quickly.
The signal
Watch for an increase in automated attacks exploiting known vulnerabilities, or faster patching cycles from major web service providers.