vulndb-0.1.3/0000775000175000017500000000000013534010726012372 5ustar etheth00000000000000vulndb-0.1.3/PKG-INFO0000664000175000017500000000706313534010726013475 0ustar etheth00000000000000Metadata-Version: 2.1 Name: vulndb Version: 0.1.3 Summary: Provides access to the vulndb information Home-page: https://github.com/vulndb/python-sdk/ Author: Andres Riancho Author-email: self@andresriancho.com License: BSD 3-clause Description: Python SDK to access the `vulnerability database `_ .. image:: https://circleci.com/gh/vulndb/python-sdk/tree/master.svg?style=svg :alt: Build Status :align: right :target: https://circleci.com/gh/vulndb/python-sdk/tree/master Installation ============ It's possible to install `the latest stable release from pypi `_: :: pip install vulndb Or if you're interested in the latest version from our repository: :: git clone https://github.com/vulndb/python-sdk.git python setup.py install Usage ===== :: >>> from vulndb import DBVuln >>> dbv = DBVuln.from_id(42) >>> dbv.title 'SQL Injection' >>> dbv.description 'A long and actionable description for SQL injection ...' >>> dbv.fix_guidance 'Explains the developer how to fix SQL injections, usually a couple of

long ...' >>> dbv.severity 'high' >>> r = dbv.references[0] >>> r.url 'http://example.com/sqli-description.html' >>> r.title 'SQL injection cheat-sheet' More attributes, methods and helpers are well documented and available in the `source code `_. Contributing ============ Send your `pull requests `_ with improvements and bug fixes, making sure that all tests ``PASS``: :: $ cd python-sdk $ virtualenv venv $ . venv/bin/activate $ pip install -r vulndb/requirements-dev.txt $ nosetests vulndb/ .......... ---------------------------------------------------------------------- Ran 10 tests in 0.355s OK Updating the database ===================== This package embeds the `vulnerability database `_ in the ``vulndb/db/`` directory. To update the database with new information follow these steps: :: # Update the database tools/update-db.sh After updating the database it's a good idea to publish the latest at ``pypi`` using: :: rm -rf dist/ python setup.py sdist bdist_wheel twine check dist/* twine upload dist/* Platform: Linux Classifier: Development Status :: 5 - Production/Stable Classifier: Intended Audience :: Developers Classifier: License :: OSI Approved :: BSD License Classifier: Natural Language :: English Classifier: Operating System :: POSIX :: Linux Classifier: Operating System :: Microsoft :: Windows Classifier: Programming Language :: Python Classifier: Programming Language :: Python :: 2.7 Classifier: Programming Language :: Python :: 3 Classifier: Topic :: Security Description-Content-Type: text/x-rst vulndb-0.1.3/.circleci/0000775000175000017500000000000013534010726014225 5ustar etheth00000000000000vulndb-0.1.3/.circleci/config.yml0000664000175000017500000000122413404715732016221 0ustar etheth00000000000000# # This file is used to configure the continuous integration for vulndb/data # # As a user you don't need to understand this file. # version: 2 jobs: build: docker: - image: circleci/python:2.7.14 steps: - checkout - run: command: | pip install --upgrade pip pip install --user --upgrade -r vulndb/requirements-dev.txt pip --version pip freeze - run: command: | /home/circleci/.local/bin/nosetests -s -v vulndb/ /home/circleci/.local/bin/pylint --msg-template='{msg_id}:{line:3d},{column}: {obj}: {msg}' -E vulndb/ setup.py vulndb-0.1.3/vulndb.egg-info/0000775000175000017500000000000013534010726015356 5ustar etheth00000000000000vulndb-0.1.3/vulndb.egg-info/PKG-INFO0000664000175000017500000000706313534010726016461 0ustar etheth00000000000000Metadata-Version: 2.1 Name: vulndb Version: 0.1.3 Summary: Provides access to the vulndb information Home-page: https://github.com/vulndb/python-sdk/ Author: Andres Riancho Author-email: self@andresriancho.com License: BSD 3-clause Description: Python SDK to access the `vulnerability database `_ .. image:: https://circleci.com/gh/vulndb/python-sdk/tree/master.svg?style=svg :alt: Build Status :align: right :target: https://circleci.com/gh/vulndb/python-sdk/tree/master Installation ============ It's possible to install `the latest stable release from pypi `_: :: pip install vulndb Or if you're interested in the latest version from our repository: :: git clone https://github.com/vulndb/python-sdk.git python setup.py install Usage ===== :: >>> from vulndb import DBVuln >>> dbv = DBVuln.from_id(42) >>> dbv.title 'SQL Injection' >>> dbv.description 'A long and actionable description for SQL injection ...' >>> dbv.fix_guidance 'Explains the developer how to fix SQL injections, usually a couple of

long ...' >>> dbv.severity 'high' >>> r = dbv.references[0] >>> r.url 'http://example.com/sqli-description.html' >>> r.title 'SQL injection cheat-sheet' More attributes, methods and helpers are well documented and available in the `source code `_. Contributing ============ Send your `pull requests `_ with improvements and bug fixes, making sure that all tests ``PASS``: :: $ cd python-sdk $ virtualenv venv $ . venv/bin/activate $ pip install -r vulndb/requirements-dev.txt $ nosetests vulndb/ .......... ---------------------------------------------------------------------- Ran 10 tests in 0.355s OK Updating the database ===================== This package embeds the `vulnerability database `_ in the ``vulndb/db/`` directory. To update the database with new information follow these steps: :: # Update the database tools/update-db.sh After updating the database it's a good idea to publish the latest at ``pypi`` using: :: rm -rf dist/ python setup.py sdist bdist_wheel twine check dist/* twine upload dist/* Platform: Linux Classifier: Development Status :: 5 - Production/Stable Classifier: Intended Audience :: Developers Classifier: License :: OSI Approved :: BSD License Classifier: Natural Language :: English Classifier: Operating System :: POSIX :: Linux Classifier: Operating System :: Microsoft :: Windows Classifier: Programming Language :: Python Classifier: Programming Language :: Python :: 2.7 Classifier: Programming Language :: Python :: 3 Classifier: Topic :: Security Description-Content-Type: text/x-rst vulndb-0.1.3/vulndb.egg-info/top_level.txt0000664000175000017500000000000713534010726020105 0ustar etheth00000000000000vulndb vulndb-0.1.3/vulndb.egg-info/not-zip-safe0000664000175000017500000000000113404716051017604 0ustar etheth00000000000000 vulndb-0.1.3/vulndb.egg-info/dependency_links.txt0000664000175000017500000000000113534010726021424 0ustar etheth00000000000000 vulndb-0.1.3/vulndb.egg-info/SOURCES.txt0000664000175000017500000001624213534010726017247 0ustar etheth00000000000000.gitignore LICENSE README.rst setup.py .circleci/config.yml tools/semver.sh tools/update-db.sh vulndb/__init__.py vulndb/db-version.txt vulndb/db_vuln.py vulndb/requirements-dev.txt vulndb/version.txt vulndb.egg-info/PKG-INFO vulndb.egg-info/SOURCES.txt vulndb.egg-info/dependency_links.txt vulndb.egg-info/not-zip-safe vulndb.egg-info/top_level.txt vulndb/constants/__init__.py vulndb/constants/cwe.py vulndb/constants/owasp.py vulndb/constants/wasc.py vulndb/db/en/1-allowed-http-methods.json vulndb/db/en/10-common-sensitive-file.json vulndb/db/en/11-cookie-set-for-parent-domain.json vulndb/db/en/12-credit-card-number-disclosure.json vulndb/db/en/13-cross-site-request-forgery.json vulndb/db/en/14-cvs-svn-user-disclosure.json vulndb/db/en/15-directory-listing.json vulndb/db/en/16-e-mail-address-disclosure.json vulndb/db/en/17-file-inclusion.json vulndb/db/en/18-form-based-file-upload.json vulndb/db/en/19-missing-strict-transport-security-header.json vulndb/db/en/2-a-backdoor-file-exists-on-the-server.json vulndb/db/en/20-misconfiguration-in-limit-directive-of-htaccess-file.json vulndb/db/en/21-html-object.json vulndb/db/en/22-httponly-cookie.json vulndb/db/en/23-publicly-writable-directory.json vulndb/db/en/24-insecure-client-access-policy.json vulndb/db/en/25-insecure-cookie.json vulndb/db/en/26-access-control-allow-origin-star.json vulndb/db/en/27-insecure-cross-domain-policy-allow-access-from.json vulndb/db/en/29-interesting-response.json vulndb/db/en/3-backup-directory.json vulndb/db/en/30-ldap-injection.json vulndb/db/en/31-exposed-localstart-asp-page.json vulndb/db/en/32-mixed-resource.json vulndb/db/en/33-nosql-injection.json vulndb/db/en/34-blind-nosql-injection-differential-analysis.json vulndb/db/en/35-access-restriction-bypass-via-origin-spoof.json vulndb/db/en/36-operating-system-command-injection.json vulndb/db/en/38-password-field-with-auto-complete.json vulndb/db/en/39-path-traversal.json vulndb/db/en/4-backup-file.json vulndb/db/en/40-private-ip-address-disclosure.json vulndb/db/en/41-response-splitting.json vulndb/db/en/42-remote-file-inclusion.json vulndb/db/en/43-session-fixation.json vulndb/db/en/44-source-code-disclosure.json vulndb/db/en/45-sql-injection.json vulndb/db/en/46-blind-sql-injection.json vulndb/db/en/47-blind-sql-injection-timing-attack.json vulndb/db/en/48-disclosed-us-social-security-number-ssn.json vulndb/db/en/49-unencrypted-password-form.json vulndb/db/en/5-captcha-protected-form.json vulndb/db/en/50-unvalidated-redirect.json vulndb/db/en/51-unvalidated-dom-redirect.json vulndb/db/en/52-webdav.json vulndb/db/en/53-missing-x-frame-options-header.json vulndb/db/en/54-xpath-injection.json vulndb/db/en/55-cross-site-scripting-xss.json vulndb/db/en/56-dom-based-cross-site-scripting-xss.json vulndb/db/en/6-code-injection.json vulndb/db/en/63-http-trace.json vulndb/db/en/64-xml-external-entity.json vulndb/db/en/65-arbitrary-file-upload.json vulndb/db/en/66-insecure-ssl-version.json vulndb/db/en/67-self-signed-ssl-certificate.json vulndb/db/en/68-shellshock.json vulndb/db/en/69-insecure-frontpage-configuration.json vulndb/db/en/70-persistent-xss.json vulndb/db/en/71-reflected-file-download.json vulndb/db/en/72-cache-control-headers.json vulndb/db/en/73-information-leak-stack-trace.json vulndb/db/en/74-phishing-vector.json vulndb/db/en/75-guessable-credentials.json vulndb/db/en/76-x-content-type-options_header_missing.json vulndb/db/en/77-http-basic-authentication-credentials.json vulndb/db/en/8-code-injection.json vulndb/db/en/9-common-directory.json vulndb/db/en/description/1.md vulndb/db/en/description/10.md vulndb/db/en/description/11.md vulndb/db/en/description/12.md vulndb/db/en/description/13.md vulndb/db/en/description/14.md vulndb/db/en/description/15.md vulndb/db/en/description/16.md vulndb/db/en/description/17.md vulndb/db/en/description/18.md vulndb/db/en/description/19.md vulndb/db/en/description/2.md vulndb/db/en/description/20.md vulndb/db/en/description/21.md vulndb/db/en/description/22.md vulndb/db/en/description/23.md vulndb/db/en/description/24.md vulndb/db/en/description/25.md vulndb/db/en/description/26.md vulndb/db/en/description/27.md vulndb/db/en/description/29.md vulndb/db/en/description/3.md vulndb/db/en/description/30.md vulndb/db/en/description/31.md vulndb/db/en/description/32.md vulndb/db/en/description/33.md vulndb/db/en/description/34.md vulndb/db/en/description/35.md vulndb/db/en/description/36.md vulndb/db/en/description/38.md vulndb/db/en/description/39.md vulndb/db/en/description/4.md vulndb/db/en/description/40.md vulndb/db/en/description/41.md vulndb/db/en/description/42.md vulndb/db/en/description/43.md vulndb/db/en/description/44.md vulndb/db/en/description/45.md vulndb/db/en/description/46.md vulndb/db/en/description/47.md vulndb/db/en/description/48.md vulndb/db/en/description/49.md vulndb/db/en/description/5.md vulndb/db/en/description/50.md vulndb/db/en/description/51.md vulndb/db/en/description/52.md vulndb/db/en/description/53.md vulndb/db/en/description/54.md vulndb/db/en/description/55.md vulndb/db/en/description/56.md vulndb/db/en/description/6.md vulndb/db/en/description/63.md vulndb/db/en/description/64.md vulndb/db/en/description/65.md vulndb/db/en/description/66.md vulndb/db/en/description/67.md vulndb/db/en/description/68.md vulndb/db/en/description/69.md vulndb/db/en/description/70.md vulndb/db/en/description/71.md vulndb/db/en/description/72.md vulndb/db/en/description/73.md vulndb/db/en/description/74.md vulndb/db/en/description/75.md vulndb/db/en/description/76.md vulndb/db/en/description/77.md vulndb/db/en/description/8.md vulndb/db/en/description/9.md vulndb/db/en/fix/1.md vulndb/db/en/fix/10.md vulndb/db/en/fix/11.md vulndb/db/en/fix/12.md vulndb/db/en/fix/13.md vulndb/db/en/fix/14.md vulndb/db/en/fix/15.md vulndb/db/en/fix/16.md vulndb/db/en/fix/17.md vulndb/db/en/fix/18.md vulndb/db/en/fix/19.md vulndb/db/en/fix/2.md vulndb/db/en/fix/20.md vulndb/db/en/fix/21.md vulndb/db/en/fix/22.md vulndb/db/en/fix/23.md vulndb/db/en/fix/24.md vulndb/db/en/fix/25.md vulndb/db/en/fix/26.md vulndb/db/en/fix/27.md vulndb/db/en/fix/28.md vulndb/db/en/fix/29.md vulndb/db/en/fix/3.md vulndb/db/en/fix/30.md vulndb/db/en/fix/31.md vulndb/db/en/fix/32.md vulndb/db/en/fix/33.md vulndb/db/en/fix/34.md vulndb/db/en/fix/35.md vulndb/db/en/fix/36.md vulndb/db/en/fix/37.md vulndb/db/en/fix/38.md vulndb/db/en/fix/39.md vulndb/db/en/fix/4.md vulndb/db/en/fix/40.md vulndb/db/en/fix/41.md vulndb/db/en/fix/42.md vulndb/db/en/fix/43.md vulndb/db/en/fix/44.md vulndb/db/en/fix/45.md vulndb/db/en/fix/46.md vulndb/db/en/fix/47.md vulndb/db/en/fix/48.md vulndb/db/en/fix/49.md vulndb/db/en/fix/5.md vulndb/db/en/fix/50.md vulndb/db/en/fix/51.md vulndb/db/en/fix/52.md vulndb/db/en/fix/53.md vulndb/db/en/fix/54.md vulndb/db/en/fix/55.md vulndb/db/en/fix/56.md vulndb/db/en/fix/57.md vulndb/db/en/fix/6.md vulndb/db/en/fix/7.md vulndb/db/en/fix/8.md vulndb/db/en/fix/9.md vulndb/tests/__init__.py vulndb/tests/test_db_vuln.py vulndb/tests/test_latest_vulndb_data.py vulndb/tests/test_load_all_json.py vulndb/tests/test_proper_data_installation.py vulndb/tests/db/en/123-spec-example.json vulndb/tests/db/en/description/1.md vulndb/tests/db/en/fix/39.md vulndb/tests/db/es/123-spec-example.json vulndb/tests/db/es/description/1.md vulndb/tests/db/es/fix/39.mdvulndb-0.1.3/LICENSE0000664000175000017500000000270313404715732013406 0ustar etheth00000000000000Copyright (c) 2015, vulndb All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of python-sdk nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. vulndb-0.1.3/.gitignore0000664000175000017500000000127513404715732014374 0ustar etheth00000000000000# Byte-compiled / optimized / DLL files __pycache__/ *.py[cod] # C extensions *.so # Distribution / packaging .Python env/ build/ develop-eggs/ dist/ downloads/ eggs/ lib/ lib64/ parts/ sdist/ var/ *.egg-info/ .installed.cfg *.egg # PyInstaller # Usually these files are written by a python script from a template # before PyInstaller builds the exe, so as to inject date/other infos into it. *.manifest *.spec # Installer logs pip-log.txt pip-delete-this-directory.txt # Unit test / coverage reports htmlcov/ .tox/ .coverage .cache nosetests.xml coverage.xml # Translations *.mo *.pot # Django stuff: *.log # Sphinx documentation docs/_build/ # PyBuilder target/ .idea data/ venv/ .eggs/ vulndb-0.1.3/vulndb/0000775000175000017500000000000013534010726013664 5ustar etheth00000000000000vulndb-0.1.3/vulndb/__init__.py0000664000175000017500000000010413534007014015764 0ustar etheth00000000000000from __future__ import absolute_import from .db_vuln import DBVuln vulndb-0.1.3/vulndb/requirements-dev.txt0000664000175000017500000000011013404715732017721 0ustar etheth00000000000000# pylint pylint==1.8.4 # Nose nose==1.3.4 termcolor==1.1.0 yanc==0.2.4 vulndb-0.1.3/vulndb/tests/0000775000175000017500000000000013534010726015026 5ustar etheth00000000000000vulndb-0.1.3/vulndb/tests/__init__.py0000664000175000017500000000000113404715732017133 0ustar etheth00000000000000 vulndb-0.1.3/vulndb/tests/test_latest_vulndb_data.py0000664000175000017500000000202313534007014022267 0ustar etheth00000000000000import shutil import unittest import subprocess from vulndb.db_vuln import DBVuln VULNDB_DATA = 'https://github.com/vulndb/data.git' LATEST_COMMIT = 'git rev-parse HEAD' class TestLatestDBUsed(unittest.TestCase): def test_latest_db_used(self): subprocess.check_output('git clone %s' % VULNDB_DATA, shell=True, cwd='/tmp/', stderr=subprocess.PIPE) latest_commit = subprocess.check_output(LATEST_COMMIT, shell=True, cwd='/tmp/data/') latest_commit = latest_commit.decode('utf-8') shutil.rmtree('/tmp/data/') latest_commit = latest_commit.strip() latest_saved_commit = DBVuln.get_db_version() self.assertEqual(latest_commit, latest_saved_commit, msg='DB version mismatch, this usually gets fixed' ' by running tools/update-db.sh') vulndb-0.1.3/vulndb/tests/test_db_vuln.py0000664000175000017500000001355013404715732020101 0ustar etheth00000000000000import unittest import os from vulndb import DBVuln from vulndb.db_vuln import Reference MOCK_TITLE = 'Title' MOCK_DESC = 'Description for the vulnerability' MOCK_ID = 123 MOCK_SEVERITY = 'medium' MOCK_WASC = ['2'] MOCK_TAGS = ['hello', 'world'] MOCK_CWE = ['89'] MOCK_OWASP_TOP_10 = {"2010": [1], "2013": [2]} MOCK_FIX_EFFORT = 50 MOCK_FIX_GUIDANCE = "A very long text explaining how to fix..." MOCK_DB_FILE = 'path/to/file.json' MOCK_REFERENCES = [{"url": "http://foo.com/xss", "title": "First reference to XSS vulnerability"}, {"url": "http://asp.net/xss", "title": "How to fix XSS vulns in ASP.NET"}] class TestDBVuln(unittest.TestCase): DEFAULT_KWARGS = { '_id': MOCK_ID, 'title': MOCK_TITLE, 'description': MOCK_DESC, 'severity': MOCK_SEVERITY, 'wasc': MOCK_WASC, 'tags': MOCK_TAGS, 'cwe': MOCK_CWE, 'owasp_top_10': MOCK_OWASP_TOP_10, 'fix_effort': MOCK_FIX_EFFORT, 'fix_guidance': MOCK_FIX_GUIDANCE, 'references': MOCK_REFERENCES, 'db_file': MOCK_DB_FILE } def setUp(self): self.original_db_path = DBVuln.DB_PATH current_dir = os.path.dirname(os.path.realpath(__file__)) DBVuln.DB_PATH = os.path.join(current_dir, 'db') def tearDown(self): DBVuln.DB_PATH = self.original_db_path def test_basic(self): dbv = DBVuln(**self.DEFAULT_KWARGS) self.assertEqual(dbv.title, MOCK_TITLE) self.assertEqual(dbv.description, MOCK_DESC) self.assertEqual(dbv.id, MOCK_ID) self.assertEqual(dbv.severity, MOCK_SEVERITY) self.assertEqual(dbv.wasc, MOCK_WASC) self.assertEqual(dbv.tags, MOCK_TAGS) self.assertEqual(dbv.cwe, MOCK_CWE) self.assertEqual(dbv.owasp_top_10, MOCK_OWASP_TOP_10) self.assertEqual(dbv.fix_effort, MOCK_FIX_EFFORT) self.assertEqual(dbv.fix_guidance, MOCK_FIX_GUIDANCE) self.assertEqual(dbv.references, MOCK_REFERENCES) self.assertEqual(dbv.db_file, MOCK_DB_FILE) def test_from_file(self): _file = os.path.join(DBVuln.DB_PATH, DBVuln.DEFAULT_LANG, '123-spec-example.json') dbv_1 = DBVuln.from_file(_file) dbv_2 = DBVuln.from_id(123) self.assertEqual(dbv_1, dbv_2) self.assertEqual(dbv_1.db_file, _file) def test_from_id(self): dbv = DBVuln.from_id(123) _file = os.path.join(DBVuln.DB_PATH, DBVuln.DEFAULT_LANG, '123-spec-example.json') self.assertEqual(dbv.db_file, _file) expected_references = [Reference("http://foo.com/xss", "First reference to XSS vulnerability"), Reference("http://asp.net/xss", "How to fix XSS vulns in ASP.NET")] self.assertEqual(dbv.title, u'Cross-Site Scripting') self.assertEqual(dbv.description, u'A very long text explaining what a XSS' u' vulnerability is') self.assertEqual(dbv.id, MOCK_ID) self.assertEqual(dbv.severity, MOCK_SEVERITY) self.assertEqual(dbv.wasc, [u'0003']) self.assertEqual(dbv.tags, [u'xss', u'client side']) self.assertEqual(dbv.cwe, [u'0003', u'0007']) self.assertEqual(dbv.owasp_top_10, {"2010": [1], "2013": [2]},) self.assertEqual(dbv.references, expected_references) self.assertEqual(dbv.fix_effort, 50) self.assertEqual(dbv.fix_guidance, u'A very long text explaining how developers' u' should prevent\nXSS vulnerabilities.\n') def test_get_cwe_url(self): dbv = DBVuln(**self.DEFAULT_KWARGS) self.assertEqual(dbv.get_cwe_url(89), 'https://cwe.mitre.org/data/definitions/89.html') def test_get_wasc_url(self): dbv = DBVuln(**self.DEFAULT_KWARGS) self.assertEqual(dbv.get_wasc_url(3), 'http://projects.webappsec.org/w/page/13246946/Integer%20Overflows') def test_get_owasp_top_10_url(self): dbv = DBVuln(**self.DEFAULT_KWARGS) self.assertEqual(dbv.get_owasp_top_10_url(2010, 2), 'https://www.owasp.org/index.php/Top_10_2010-A2') self.assertEqual(dbv.get_owasp_top_10_url(2013, 2), 'https://www.owasp.org/index.php/Top_10_2013-A2') self.assertEqual(dbv.get_owasp_top_10_url(2033, 2), None) def test_load_es_lang(self): language = 'es' _file = os.path.join(DBVuln.DB_PATH, language, '123-spec-example.json') dbv_1 = DBVuln.from_file(_file, language=language) dbv_2 = DBVuln.from_id(123, language=language) self.assertEqual(dbv_1, dbv_2) self.assertEqual(dbv_1.db_file, _file) dbv = dbv_1 expected_references = [Reference("http://foo.es/xss", "Primera referencia a una vulnerabilidad de XSS"), Reference("http://asp.net/xss", "Como arreglar XSS en .NET")] self.assertEqual(dbv.title, u'Cross-Site Scripting en ES') self.assertEqual(dbv.description, u'Un texto largo donde se explica que es un XSS') self.assertEqual(dbv.id, MOCK_ID) self.assertEqual(dbv.severity, MOCK_SEVERITY) self.assertEqual(dbv.wasc, [u'0003']) self.assertEqual(dbv.tags, [u'xss', u'client side']) self.assertEqual(dbv.cwe, [u'0003', u'0007']) self.assertEqual(dbv.owasp_top_10, {"2010": [1], "2013": [2]},) self.assertEqual(dbv.references, expected_references) self.assertEqual(dbv.fix_effort, 50) self.assertEqual(dbv.fix_guidance, u'Y otro texto largo donde se explica como' u' arreglar vulnerabilidades de XSS')vulndb-0.1.3/vulndb/tests/test_load_all_json.py0000664000175000017500000000331013534007014021230 0ustar etheth00000000000000from past.builtins import basestring import unittest import types import os from vulndb import DBVuln from vulndb.db_vuln import Reference class TestLoadAllJSON(unittest.TestCase): maxDiff = None def test_from_file(self): failed_json_files = [] processed_files = [] for language in DBVuln.get_all_languages(): json_path = os.path.join(DBVuln.DB_PATH, language) for _fname in os.listdir(json_path): _file_path = os.path.join(json_path, _fname) if os.path.isdir(_file_path): continue try: DBVuln.LANG = language dbv = DBVuln.from_file(_file_path) except: failed_json_files.append(_fname) continue processed_files.append(_fname) self.assertIsInstance(dbv.title, basestring) self.assertIsInstance(dbv.description, basestring) self.assertIsInstance(dbv.id, int) self.assertIsInstance(dbv.severity, basestring) self.assertIsInstance(dbv.wasc, (type(None), list)) self.assertIsInstance(dbv.tags, (type(None), list)) self.assertIsInstance(dbv.cwe, (type(None), list)) self.assertIsInstance(dbv.owasp_top_10, (type(None), dict)) self.assertIsInstance(dbv.fix_effort, int) self.assertIsInstance(dbv.fix_guidance, basestring) for ref in dbv.references: self.assertIsInstance(ref, Reference) self.assertEqual(failed_json_files, []) self.assertGreater(len(processed_files), 20) vulndb-0.1.3/vulndb/tests/test_proper_data_installation.py0000664000175000017500000000131113534007014023510 0ustar etheth00000000000000import subprocess import unittest class TestDataIsInstalled(unittest.TestCase): TEST_CMD = "python -c 'from vulndb import DBVuln; DBVuln.from_id(1)'" def test_data_is_installed_in_virtualenv(self): # When we run this in the current CMD it will load the python class # and db files from this directory (because of python's PATH) subprocess.check_output(self.TEST_CMD, shell=True) # Install subprocess.check_output('python setup.py install', shell=True) # Now we run it in /tmp , where there is no vulndb in current PATH # so it will try to find it inside the site-packages subprocess.check_output(self.TEST_CMD, shell=True, cwd='/tmp/') vulndb-0.1.3/vulndb/tests/db/0000775000175000017500000000000013534010726015413 5ustar etheth00000000000000vulndb-0.1.3/vulndb/tests/db/en/0000775000175000017500000000000013534010726016015 5ustar etheth00000000000000vulndb-0.1.3/vulndb/tests/db/en/fix/0000775000175000017500000000000013534010726016603 5ustar etheth00000000000000vulndb-0.1.3/vulndb/tests/db/en/fix/39.md0000664000175000017500000000011713404715732017364 0ustar etheth00000000000000A very long text explaining how developers should prevent XSS vulnerabilities. vulndb-0.1.3/vulndb/tests/db/en/123-spec-example.json0000664000175000017500000000107313404715732021604 0ustar etheth00000000000000{ "id": 123, "title": "Cross-Site Scripting", "description": { "$ref": "#/files/description/1" }, "severity": "medium", "wasc": ["0003"], "tags": ["xss", "client side"], "cwe": ["0003", "0007"], "owasp_top_10": { "2010": [1], "2013": [2] }, "fix": { "guidance": { "$ref": "#/files/fix/39" }, "effort": 50 }, "references": [ {"url": "http://foo.com/xss", "title": "First reference to XSS vulnerability"}, {"url": "http://asp.net/xss", "title": "How to fix XSS vulns in ASP.NET"} ] }vulndb-0.1.3/vulndb/tests/db/en/description/0000775000175000017500000000000013534010726020340 5ustar etheth00000000000000vulndb-0.1.3/vulndb/tests/db/en/description/1.md0000664000175000017500000000006713404715732021032 0ustar etheth00000000000000A very long text explaining what a XSS vulnerability isvulndb-0.1.3/vulndb/tests/db/es/0000775000175000017500000000000013534010726016022 5ustar etheth00000000000000vulndb-0.1.3/vulndb/tests/db/es/fix/0000775000175000017500000000000013534010726016610 5ustar etheth00000000000000vulndb-0.1.3/vulndb/tests/db/es/fix/39.md0000664000175000017500000000011113404715732017363 0ustar etheth00000000000000Y otro texto largo donde se explica como arreglar vulnerabilidades de XSSvulndb-0.1.3/vulndb/tests/db/es/123-spec-example.json0000664000175000017500000000110413404715732021604 0ustar etheth00000000000000{ "id": 123, "title": "Cross-Site Scripting en ES", "description": { "$ref": "#/files/description/1" }, "severity": "medium", "wasc": ["0003"], "tags": ["xss", "client side"], "cwe": ["0003", "0007"], "owasp_top_10": { "2010": [1], "2013": [2] }, "fix": { "guidance": { "$ref": "#/files/fix/39" }, "effort": 50 }, "references": [ {"url": "http://foo.es/xss", "title": "Primera referencia a una vulnerabilidad de XSS"}, {"url": "http://asp.net/xss", "title": "Como arreglar XSS en .NET"} ] }vulndb-0.1.3/vulndb/tests/db/es/description/0000775000175000017500000000000013534010726020345 5ustar etheth00000000000000vulndb-0.1.3/vulndb/tests/db/es/description/1.md0000664000175000017500000000005513404715732021034 0ustar etheth00000000000000Un texto largo donde se explica que es un XSSvulndb-0.1.3/vulndb/constants/0000775000175000017500000000000013534010726015700 5ustar etheth00000000000000vulndb-0.1.3/vulndb/constants/__init__.py0000664000175000017500000000000113404715732020005 0ustar etheth00000000000000 vulndb-0.1.3/vulndb/constants/wasc.py0000664000175000017500000000672713404715732017230 0ustar etheth00000000000000WASC_URL = 'http://projects.webappsec.org/w/page' WASC_ID_TO_URL = {42: WASC_URL + '/13246913/Abuse%20of%20Functionality', 11: WASC_URL + '/13246915/Brute%20Force', 7: WASC_URL + '/13246916/Buffer%20Overflow', 12: WASC_URL + '/13246917/Content%20Spoofing', 18: WASC_URL + '/13246918/Credential%20and%20Session%20Prediction', 8: WASC_URL + '/13246920/Cross%20Site%20Scripting', 9: WASC_URL + '/13246919/Cross%20Site%20Request%20Forgery', 10: WASC_URL + '/13246921/Denial%20of%20Service', 45: WASC_URL + '/13246925/Fingerprinting', 27: WASC_URL + '/13246930/HTTP%20Response%20Smuggling', 25: WASC_URL + '/13246931/HTTP%20Response%20Splitting', 26: WASC_URL + '/13246928/HTTP%20Request%20Smuggling', 24: WASC_URL + '/13246929/HTTP%20Request%20Splitting', 3: WASC_URL + '/13246946/Integer%20Overflows', 6: WASC_URL + '/13246926/Format%20String', 29: WASC_URL + '/13246947/LDAP%20Injection', 30: WASC_URL + '/13246948/Mail%20Command%20Injection', 28: WASC_URL + '/13246949/Null%20Byte%20Injection', 31: WASC_URL + '/13246950/OS%20Commanding', 33: WASC_URL + '/13246952/Path%20Traversal', 34: WASC_URL + '/13246953/Predictable%20Resource%20Location', 5: WASC_URL + '/13246955/Remote%20File%20Inclusion', 32: WASC_URL + '/13246956/Routing%20Detour', 37: WASC_URL + '/13246960/Session%20Fixation', 35: WASC_URL + '/13246962/SOAP%20Array%20Abuse', 36: WASC_URL + '/13246964/SSI%20Injection', 19: WASC_URL + '/13246963/SQL%20Injection', 38: WASC_URL + '/13246981/URL%20Redirector%20Abuse', 39: WASC_URL + '/13247005/XPath%20Injection', 41: WASC_URL + '/13247001/XML%20Attribute%20Blowup', 43: WASC_URL + '/13247003/XML%20External%20Entities', 44: WASC_URL + '/13247002/XML%20Entity%20Expansion', 23: WASC_URL + '/13247004/XML%20Injection', 46: WASC_URL + '/13247006/XQuery%20Injection', 15: WASC_URL + '/13246914/Application%20Misconfiguration', 16: WASC_URL + '/13246922/Directory%20Indexing', 17: WASC_URL + '/13246932/Improper%20Filesystem%20Permissions', 20: WASC_URL + '/13246933/Improper%20Input%20Handling', 22: WASC_URL + '/13246934/Improper%20Output%20Handling', 13: WASC_URL + '/13246936/Information%20Leakage', 48: WASC_URL + '/13246937/Insecure%20Indexing', 21: WASC_URL + '/13246938/Insufficient%20Anti-automation', 1: WASC_URL + '/13246939/Insufficient%20Authentication', 2: WASC_URL + '/13246940/Insufficient%20Authorization', 49: WASC_URL + '/13246942/Insufficient%20Password%20Recovery', 40: WASC_URL + '/13246943/Insufficient%20Process%20Validation', 47: WASC_URL + '/13246944/Insufficient%20Session%20Expiration', 4: WASC_URL + '/13246945/Insufficient%20Transport%20Layer%20Protection', 14: WASC_URL + '/13246959/Server%20Misconfiguration' } vulndb-0.1.3/vulndb/constants/cwe.py0000664000175000017500000000007713404715732017041 0ustar etheth00000000000000CWE_URL_FMT = 'https://cwe.mitre.org/data/definitions/%s.html' vulndb-0.1.3/vulndb/constants/owasp.py0000664000175000017500000000023213404715732017405 0ustar etheth00000000000000OWASP_TOP10_2010_URL_FMT = 'https://www.owasp.org/index.php/Top_10_2010-A%s' OWASP_TOP10_2013_URL_FMT = 'https://www.owasp.org/index.php/Top_10_2013-A%s' vulndb-0.1.3/vulndb/db-version.txt0000664000175000017500000000005113534006177016476 0ustar etheth0000000000000020459bc133f0c09d06d5c78efe77079f1ce4a5c0 vulndb-0.1.3/vulndb/db_vuln.py0000664000175000017500000002471513534007014015674 0ustar etheth00000000000000from builtins import object import os import json from vulndb.constants.wasc import WASC_ID_TO_URL from vulndb.constants.cwe import CWE_URL_FMT from vulndb.constants.owasp import (OWASP_TOP10_2010_URL_FMT, OWASP_TOP10_2013_URL_FMT) class DBVuln(object): """ Wrapper around a vulnerability as defined in vulndb JSON files. :see: https://github.com/vulndb/data/issues/5 :see: https://github.com/vulndb/data """ DB_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'db') DB_VERSION_FILE = 'db-version.txt' DEFAULT_LANG = 'en' def __init__(self, _id=None, title=None, description=None, severity=None, wasc=None, tags=None, cwe=None, owasp_top_10=None, fix_guidance=None, fix_effort=None, references=None, db_file=None): """ Creates a new DBVuln, setting the internal attributes to the provided kwargs. """ self.id = _id self.title = title self.description = description self.severity = severity self.wasc = wasc self.tags = tags self.cwe = cwe self.owasp_top_10 = owasp_top_10 self.fix_guidance = fix_guidance self.fix_effort = fix_effort self.references = references self.db_file = db_file @staticmethod def get_json_path(language=DEFAULT_LANG): """ :param language: The user's language (en, es, etc.) :return: The path where the json files are located """ return os.path.join(DBVuln.DB_PATH, language) @staticmethod def get_description_path(language=DEFAULT_LANG): """ :param language: The user's language (en, es, etc.) :return: The path where the description markdown files are located """ return os.path.join(DBVuln.DB_PATH, language, 'description') @staticmethod def get_fix_path(language=DEFAULT_LANG): """ :param language: The user's language (en, es, etc.) :return: The path where the fix markdown files are located """ return os.path.join(DBVuln.DB_PATH, language, 'fix') @staticmethod def get_all_languages(): return os.listdir(DBVuln.DB_PATH) @staticmethod def get_db_version(): db_version = os.path.join(os.path.dirname(os.path.realpath(__file__)), DBVuln.DB_VERSION_FILE) return open(db_version).read().strip() @classmethod def from_file(cls, db_file, language=DEFAULT_LANG): """ This is an alternative "constructor" for the DBVuln class which loads the data from a file. :param db_file: Contents of a json file from the DB :param language: The user's language (en, es, etc.) """ data = DBVuln.load_from_json(db_file, language=language) return cls(**data) @classmethod def from_id(cls, _id, language=DEFAULT_LANG): """ This is an alternative "constructor" for the DBVuln class which searches the db directory to find the right file for the provided _id """ db_file = DBVuln.get_file_for_id(_id, language=language) data = DBVuln.load_from_json(db_file, language=language) return cls(**data) def get_owasp_top_10_references(self): for owasp_version in self.owasp_top_10: for risk_id in self.owasp_top_10[owasp_version]: ref = self.get_owasp_top_10_url(owasp_version, risk_id) if ref is not None: yield owasp_version, risk_id, ref @staticmethod def get_file_for_id(_id, language=DEFAULT_LANG): """ Given _id, search the DB for the file which contains the data :param _id: The id to search (int) :param language: The user's language (en, es, etc.) :return: The filename """ file_start = '%s-' % _id json_path = DBVuln.get_json_path(language=language) for _file in os.listdir(json_path): if _file.startswith(file_start): return os.path.join(json_path, _file) raise NotFoundException('No data for ID %s' % _id) @staticmethod def get_all_db_ids(language=DEFAULT_LANG): """ :return: A list with all the database IDs as integers """ _ids = [] json_path = DBVuln.get_json_path(language=language) for _file in os.listdir(json_path): if not _file.endswith('.json'): continue _id = _file.split('-')[0] _ids.append(_id) return _ids @staticmethod def handle_ref(attr, language=DEFAULT_LANG): """ Receives something like: { "$ref": "#/files/description/1" }, Or: { "$ref": "#/files/fix/39" } And returns the contents of the description or fix file. :param attr: A dict containing a reference :param language: The user's language (en, es, etc.) :return: Markdown referenced by the attr """ ref = attr.get('$ref', None) if ref is None: raise NotFoundException('No $ref in attribute') _, files, _type, _id = ref.split('/') if 'files' != files: raise NotFoundException('Mandatory "files" path was not found in $ref') if _type not in ('fix', 'description'): raise NotFoundException('Mandatory fix or description not found in $ref') if not _id.isdigit(): raise NotFoundException('Mandatory integer ID not found in $ref') file_path = os.path.join(DBVuln.get_json_path(language=language), _type, '%s.md' % _id) if not os.path.exists(file_path): raise NotFoundException('$ref points to a non existing file') return open(file_path).read() @staticmethod def load_from_json(db_file, language=DEFAULT_LANG): """ Parses the JSON data and returns it :param db_file: File and path pointing to the JSON file to parse :param language: The user's language (en, es, etc.) :raises: All kind of exceptions if the file doesn't exist or JSON is invalid. :return: None """ # There are a couple of things I don't do here, and are on purpose: # - I want to fail if the file doesn't exist # - I want to fail if the file doesn't contain valid JSON raw = json.loads(open(db_file).read()) # Here I don't do any error handling either, I expect the JSON files to # be valid data = { '_id': raw['id'], 'title': raw['title'], 'description': DBVuln.handle_ref(raw['description'], language=language), 'severity': raw['severity'], 'wasc': raw.get('wasc', []), 'tags': raw.get('tags', []), 'cwe': raw.get('cwe', []), 'owasp_top_10': raw.get('owasp_top_10', {}), 'fix_effort': raw['fix']['effort'], 'fix_guidance': DBVuln.handle_ref(raw['fix']['guidance'], language=language), 'references': DBVuln.handle_references(raw.get('references', [])), 'db_file': db_file, } return data @staticmethod def get_wasc_url(wasc_id): """ :return: The URL associated with the wasc_id, usually the WASC ID is received by the developer from self.wasc and he uses this method to give the user a URL None is returned if the URL can't be found """ if wasc_id in WASC_ID_TO_URL: return WASC_ID_TO_URL[wasc_id] @staticmethod def get_cwe_url(cwe_id): """ Similar to get_wasc_url() but for CWE """ return CWE_URL_FMT % cwe_id @staticmethod def get_owasp_top_10_url(owasp_version, risk_id): """ Similar to get_wasc_url() but for OWASP Top 10 """ owasp_version = int(owasp_version) # Just return one of them, 2013 release has priority over 2010 if owasp_version == 2013: return OWASP_TOP10_2013_URL_FMT % risk_id if owasp_version == 2010: return OWASP_TOP10_2010_URL_FMT % risk_id @staticmethod def handle_references(json_references): """ Create a list of reference objects that represent this part of the JSON data: "references": [ {"url": "http://foo.com/xss", "title": "First reference to ..."}, {"url": "http://asp.net/xss", "title": "How to fix ..."}, {"url": "http://owasp.org/xss", "title": "OWASP desc for XSS"} ] :return: A list with Reference objects """ reference_list = [] for reference_dict in json_references: reference_list.append(Reference(reference_dict['url'], reference_dict['title'])) return reference_list @staticmethod def is_valid_id(_id, language=DEFAULT_LANG): try: DBVuln.get_file_for_id(_id, language=language) except NotFoundException: return False else: return True def __str__(self): return 'DBVulnerability for %s - %s' % (self.title, self.id) def __repr__(self): return '' % (self.title, self.id) def __eq__(self, other): return (self.id == other.id and self.title == other.title and self.description == other.description and self.severity == other.severity and self.wasc == other.wasc and self.tags == other.tags and self.cwe == other.cwe and self.owasp_top_10 == other.owasp_top_10 and self.fix_effort == other.fix_effort and self.fix_guidance == other.fix_guidance and self.references == other.references) class Reference(object): def __init__(self, url, title): self.url = url self.title = title def __str__(self): return '[%s](%s)' % (self.title, self.url) def __repr__(self): return '' % (self.title, self.url) def __eq__(self, other): return self.url == other.url and self.title == other.title class NotFoundException(Exception): pass vulndb-0.1.3/vulndb/version.txt0000664000175000017500000000000613534010711016100 0ustar etheth000000000000000.1.3 vulndb-0.1.3/vulndb/db/0000775000175000017500000000000013534010726014251 5ustar etheth00000000000000vulndb-0.1.3/vulndb/db/en/0000775000175000017500000000000013534010726014653 5ustar etheth00000000000000vulndb-0.1.3/vulndb/db/en/43-session-fixation.json0000664000175000017500000000124513534006177021303 0ustar etheth00000000000000{ "id": 43, "title": "Session fixation", "severity": "high", "description": { "$ref": "#/files/description/43" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/15" } }, "cwe": [ "384" ], "owasp_top_10": { "2013": [ 2 ] }, "tags": [ "web", "session", "cookie", "injection", "fixation", "hijacking" ], "references": [ { "url": "http://projects.webappsec.org/w/page/13246960/Session%20Fixation", "title": "WASC" }, { "url": "https://www.owasp.org/index.php/Session_fixation", "title": "OWASP - Session fixation" } ] }vulndb-0.1.3/vulndb/db/en/70-persistent-xss.json0000664000175000017500000000140713534006177021014 0ustar etheth00000000000000{ "id": 70, "title": "Persistent Cross-Site Scripting (XSS)", "severity": "high", "description": { "$ref": "#/files/description/70" }, "fix": { "effort": 10, "guidance": { "$ref": "#/files/fix/20" } }, "cwe": [ "79" ], "owasp_top_10": { "2013": [ 3 ] }, "tags": [ "web", "xss", "persistent", "script" ], "references": [ { "url": "http://projects.webappsec.org/w/page/13246920/Cross%20Site%20Scripting", "title": "WASC" }, { "url": "http://secunia.com/advisories/9716/", "title": "Secunia" }, { "url": "https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet", "title": "OWASP" } ] }vulndb-0.1.3/vulndb/db/en/41-response-splitting.json0000664000175000017500000000121313534006177021643 0ustar etheth00000000000000{ "id": 41, "title": "Response Splitting", "severity": "medium", "description": { "$ref": "#/files/description/41" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/11" } }, "tags": [ "web", "response", "splitting", "injection", "header" ], "cwe": [ "98" ], "owasp_top_10": { "2013": [ 1 ] }, "references": [ { "url": "http://www.securiteam.com/securityreviews/5WP0E2KFGK.html", "title": "SecuriTeam" }, { "url": "https://www.owasp.org/index.php/HTTP_Response_Splitting", "title": "OWASP" } ] }vulndb-0.1.3/vulndb/db/en/65-arbitrary-file-upload.json0000664000175000017500000000076713534006177022213 0ustar etheth00000000000000{ "id": 65, "title": "Unrestricted file upload", "severity": "high", "description": { "$ref": "#/files/description/65" }, "fix": { "effort": 10, "guidance": { "$ref": "#/files/fix/5" } }, "tags": [ "web", "file", "upload" ], "cwe": [ "434" ], "owasp_top_10": { "2013": [ 4 ] }, "references": [ { "url": "https://www.owasp.org/index.php/Unrestricted_File_Upload", "title": "owasp.org" } ] }vulndb-0.1.3/vulndb/db/en/47-blind-sql-injection-timing-attack.json0000664000175000017500000000142313534006177024402 0ustar etheth00000000000000{ "id": 47, "title": "Blind SQL Injection (timing attack)", "severity": "high", "description": { "$ref": "#/files/description/47" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/1" } }, "tags": [ "web", "sql", "blind", "injection", "database" ], "references": [ { "url": "http://capec.mitre.org/data/definitions/7.html", "title": "MITRE - CAPEC" }, { "url": "http://projects.webappsec.org/w/page/13246963/SQL%20Injection", "title": "WASC" }, { "url": "http://www.w3schools.com/sql/sql_injection.asp", "title": "W3 Schools" }, { "url": "https://www.owasp.org/index.php/Blind_SQL_Injection", "title": "OWASP" } ] }vulndb-0.1.3/vulndb/db/en/68-shellshock.json0000664000175000017500000000106413534006177020146 0ustar etheth00000000000000{ "id": 68, "title": "ShellShock", "severity": "high", "description": { "$ref": "#/files/description/68" }, "fix": { "effort": 60, "guidance": { "$ref": "#/files/fix/33" } }, "tags": [ "web", "bash", "shellshock" ], "references": [ { "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271", "title": "CVE-2014-6271" }, { "url": "https://en.wikipedia.org/wiki/Shellshock_%28software_bug%29", "title": "Wikipedia article for Shellshock" } ] }vulndb-0.1.3/vulndb/db/en/25-insecure-cookie.json0000664000175000017500000000067313534006177021071 0ustar etheth00000000000000{ "id": 25, "title": "Insecure cookie", "severity": "informational", "description": { "$ref": "#/files/description/25" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/26" } }, "cwe": [ "614" ], "owasp_top_10": { "2013": [ 2 ] }, "references": [ { "url": "https://www.owasp.org/index.php/SecureFlag", "title": "SecureFlag - OWASP" } ] }vulndb-0.1.3/vulndb/db/en/33-nosql-injection.json0000664000175000017500000000101713534006177021111 0ustar etheth00000000000000{ "id": 33, "title": "NoSQL Injection", "severity": "high", "description": { "$ref": "#/files/description/33" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/6" } }, "cwe": [ "89" ], "owasp_top_10": { "2013": [ 1 ] }, "tags": [ "web", "nosql", "injection", "database", "error" ], "references": [ { "url": "https://www.owasp.org/index.php/Testing_for_NoSQL_injection", "title": "OWASP" } ] }vulndb-0.1.3/vulndb/db/en/2-a-backdoor-file-exists-on-the-server.json0000664000175000017500000000110013534006177024632 0ustar etheth00000000000000{ "id": 2, "title": "A backdoor file exists on the server", "severity": "high", "description": { "$ref": "#/files/description/2" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/32" } }, "cwe": [ "489" ], "tags": [ "web", "path", "backdoor", "file", "discovery" ], "references": [ { "url": "https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf", "title": "Static Detection of Application Backdoors" } ] }vulndb-0.1.3/vulndb/db/en/fix/0000775000175000017500000000000013534010726015441 5ustar etheth00000000000000vulndb-0.1.3/vulndb/db/en/fix/56.md0000664000175000017500000000054413534006177016225 0ustar etheth00000000000000It is important that input sanitisation be conducted to prevent application files (ASP, JSP, PHP or config files) from being called. It is also important that the file system permissions are correctly configured and that all unused files are removed from the web root. If these are not an option, then the vulnerable file should be removed from the server.vulndb-0.1.3/vulndb/db/en/fix/32.md0000664000175000017500000000062213534006177016214 0ustar etheth00000000000000If manual confirmation reveals that a web backdoor or web shell does exist on the server, then it should be removed. It is also recommended that an incident response investigation be conducted on the server to establish how the web backdoor or web shell came to end up on the server. Depending on the environment, investigation into the compromise of any other services or servers should be conducted.vulndb-0.1.3/vulndb/db/en/fix/1.md0000664000175000017500000000121013534006177016122 0ustar etheth00000000000000The only proven method to prevent against SQL injection attacks while still maintaining full application functionality is to use parameterized queries (also known as prepared statements). When utilising this method of querying the database, any value supplied by the client will be handled as a string value rather than part of the SQL query. Additionally, when utilising parameterized queries, the database engine will automatically check to make sure the string being used matches that of the column. For example, the database engine will check that the user supplied input is an integer if the database column is configured to contain integers.vulndb-0.1.3/vulndb/db/en/fix/31.md0000664000175000017500000000022013534006177016205 0ustar etheth00000000000000 1. Change the permissions on directories and files accessible via IIS 2. Setup authentication and authorization for FrontPage extension accessvulndb-0.1.3/vulndb/db/en/fix/10.md0000664000175000017500000000066013534006177016212 0ustar etheth00000000000000If files are unreferenced then they should be removed from the web root and/or the application directory. Preventing access without authentication may also be an option and can stop a client from being able to view the contents of a file, however it is still likely that the directory structure will be able to be discovered. Using obscure file names is implementing security through obscurity and is not a recommended option.vulndb-0.1.3/vulndb/db/en/fix/44.md0000664000175000017500000000115613534006177016222 0ustar etheth00000000000000Based on the risk (determined by manual verification) of whether the form submission performs a sensitive action, the addition of anti-CSRF tokens may be required. These tokens can be configured in such a way that each session generates a new anti-CSRF token or such that each individual request requires a new token. It is important that the server track and maintain the status of each token (in order to reject requests accompanied by invalid ones) and therefore prevent cyber-criminals from knowing, guessing or reusing them. _For examples of framework specific remediation options, please refer to the references._vulndb-0.1.3/vulndb/db/en/fix/13.md0000664000175000017500000000162213534006177016214 0ustar etheth00000000000000It is recommended that untrusted data is never used to form a file location to be included. To validate data, the application should ensure that the supplied value for a file is permitted. This can be achieved by performing whitelisting on the parameter value, by matching it against a list of permitted files. If the supplied value does not match any value in the whitelist, then the server should redirect to a standard error page. In some scenarios, where dynamic content is being requested, it may not be possible to perform validation against a list of trusted resources, therefore the list must also become dynamic (updated as the files change), or perform filtering to remove extraneous user input (such as semicolons, periods etc.) and only permit `a-z0-9`. It is also advised that sensitive files are not stored within the web root and that the user permissions enforced by the directory are correct.vulndb-0.1.3/vulndb/db/en/fix/20.md0000664000175000017500000000207513534006177016215 0ustar etheth00000000000000To remedy XSS vulnerabilities, it is important to never use untrusted or unfiltered data within the code of a HTML page. Untrusted data can originate not only form the client but potentially a third party or previously uploaded file etc. Filtering of untrusted data typically involves converting special characters to their HTML entity encoded counterparts (however, other methods do exist, see references). These special characters include: * `&` * `<` * `>` * `"` * `'` * `/` An example of HTML entity encoding is converting `<` to `<`. Although it is possible to filter untrusted input, there are five locations within an HTML page where untrusted input (even if it has been filtered) should never be placed: 1. Directly in a script. 2. Inside an HTML comment. 3. In an attribute name. 4. In a tag name. 5. Directly in CSS. Each of these locations have their own form of escaping and filtering. _Because many browsers attempt to implement XSS protection, any manual verification of this finding should be conducted using multiple different browsers and browser versions._vulndb-0.1.3/vulndb/db/en/fix/3.md0000664000175000017500000000014113534006177016126 0ustar etheth00000000000000E-mail addresses should be presented in such a way that it is hard to process them automatically.vulndb-0.1.3/vulndb/db/en/fix/7.md0000664000175000017500000000006713534006177016141 0ustar etheth00000000000000Manually inspect the HTTP response status code and bodyvulndb-0.1.3/vulndb/db/en/fix/18.md0000664000175000017500000000133213534006177016217 0ustar etheth00000000000000The `autocomplete` value can be configured in two different locations. The first and most secure location is to disable the `autocomplete` attribute on the `

` HTML tag. This will disable `autocomplete` for all inputs within that form. An example of disabling `autocomplete` within the form tag is ``. The second slightly less desirable option is to disable the `autocomplete` attribute for a specific `` HTML tag. While this may be the less desired solution from a security perspective, it may be preferred method for usability reasons, depending on size of the form. An example of disabling the `autocomplete` attribute within a password input tag is ``.vulndb-0.1.3/vulndb/db/en/fix/33.md0000664000175000017500000000005013534006177016210 0ustar etheth00000000000000Upgrade Bash to version 4.3.025 or newervulndb-0.1.3/vulndb/db/en/fix/42.md0000664000175000017500000000036213534006177016216 0ustar etheth00000000000000 * Ensure that the application source handles exceptions and errors in a such a way that no sensitive information is disclosed to the users * Configure the application server to handle and log any exceptions that the application might yield vulndb-0.1.3/vulndb/db/en/fix/8.md0000664000175000017500000000061513534006177016141 0ustar etheth00000000000000The affected site should be secured utilising the latest and most secure encryption protocols. These include SSL version 3.0 and TLS version 1.2. While TLS 1.2 is the latest and the most preferred protocol, not all browsers will support this encryption method. Therefore, the more common SSL is included. Older protocols such as SSL version 2, and weak ciphers (< 128 bit) should also be disabled.vulndb-0.1.3/vulndb/db/en/fix/26.md0000664000175000017500000000052013534006177016214 0ustar etheth00000000000000The initial steps to remedy this should be determined on whether the cookie is sensitive in nature. If the cookie does not contain any sensitive information then the risk of this vulnerability is reduced; however, if the cookie does contain sensitive information, then the server should ensure that the cookie has its `secure` flag set.vulndb-0.1.3/vulndb/db/en/fix/23.md0000664000175000017500000000114213534006177016212 0ustar etheth00000000000000Where possible the HTTP `PUT` method should be globally disabled. This can typically be done with a simple configuration change on the server. The steps to disable the `PUT` method will differ depending on the type of server being used (IIS, Apache, etc.). For cases where the `PUT` method is required to meet application functionality, such as REST style web services, strict limitations should be implemented to ensure that only secure (SSL/TLS enabled) and authorised clients are permitted to use the `PUT` method. Additionally, the server's file system permissions should also enforce strict limitations.vulndb-0.1.3/vulndb/db/en/fix/30.md0000664000175000017500000000055513534006177016217 0ustar etheth00000000000000The initial step to remedy this would be to determine whether any client-side scripts (such as JavaScript) need to access the cookie and if not, set the `HttpOnly` flag. Additionally, it should be noted that some older browsers are not compatible with the `HttpOnly` flag, and therefore setting this flag will not protect those clients against this form of attack.vulndb-0.1.3/vulndb/db/en/fix/55.md0000664000175000017500000000066713534006177016232 0ustar etheth00000000000000If directories are unreferenced then they should be removed from the web root and/or the application directory. Preventing access without authentication may also be an option and can stop a client from being able to view the contents of a file, however it is still likely that the directory structure will be able to be discovered. Using obscure directory names is implementing security through obscurity and is not a recommended option.vulndb-0.1.3/vulndb/db/en/fix/38.md0000664000175000017500000000147213534006177016226 0ustar etheth00000000000000If the pages being protected are not required for the functionality of the web application they should be removed, otherwise, it is recommended that basic and basic realm authentication are not used to protect against pages requiring authentication. If NTLM based basic authentication must be used, then default server and domain accounts such as `administrator` and `root` should be disabled, as these will undoubtedly be the first accounts to be targeted in any such attack. Additionally, the webserver should not be joined to any corporate domain where usernames are readily available (such as from email addresses). If the pages are required, and it is possible to remove the basic authentication, then a stronger and more resilient form-based authentication mechanism should be implemented to protect the affected pages.vulndb-0.1.3/vulndb/db/en/fix/28.md0000664000175000017500000000073413534006177016225 0ustar etheth00000000000000Initially, the SSN within the response should be checked to ensure its validity, as it is possible that the regular expression has matched a similar number with no relation to a real SSN. If the response does contain a valid SSN, then all efforts should be taken to remove or further protect this information. This can be achieved by removing the SSN altogether or by masking the number so that only the last few digits are present within the response (eg. _**********123_).vulndb-0.1.3/vulndb/db/en/fix/54.md0000664000175000017500000000050313534006177016216 0ustar etheth00000000000000Do not have any default credentials set on the application. Any known usernames or passwords associated with the application framework should also be removed. Furthermore, Web Applications should implement a strong password policy consisting of a combination of alphanumeric characters and a minimum length of 8 characters.vulndb-0.1.3/vulndb/db/en/fix/15.md0000664000175000017500000000057613534006177016225 0ustar etheth00000000000000The most important remediation action is to prevent the server from accepting client supplied data as session tokens. Additionally, the client's session token should be changed at specific key stages of the application flow, such as during authentication. This will ensure that even if clients are able to set their own cookie, it will not persist into an authenticated session.vulndb-0.1.3/vulndb/db/en/fix/43.md0000664000175000017500000000050113534006177016212 0ustar etheth00000000000000Since the whole XML document is communicated from an untrusted client, it's not usually possible to selectively validate or escape tainted data within the system identifier in the DTD. Therefore, the XML processor should be configured to use a local static DTD and disallow any declared DTD included in the XML document.vulndb-0.1.3/vulndb/db/en/fix/45.md0000664000175000017500000000050313534006177016216 0ustar etheth00000000000000All CORS requests include the `Origin` header which indicates the source domain name. Create a server-side list of trusted domains which can consume the CORS resources and when a request is received set the `Access-Control-Allow-Origin` response header to the right value from the list matching the `Origin` request header.vulndb-0.1.3/vulndb/db/en/fix/41.md0000664000175000017500000000151013534006177016211 0ustar etheth00000000000000Unless the web server is being utilised to share static and non-sensitive files, enabling directory listing is considered a poor security practice This can typically be done with a simple configuration change on the server. The steps to disable the directory listing will differ depending on the type of server being used (IIS, Apache, etc.). If directory listing is required, and permitted, then steps should be taken to ensure that the risk of such a configuration is reduced. These can include: 1. Requiring authentication to access affected pages. 2. Adding the affected path to the `robots.txt` file to prevent the directory contents being searchable via search engines. 3. Ensuring that sensitive files are not stored within the web or document root. 4. Removing any files that are not required for the application to function. vulndb-0.1.3/vulndb/db/en/fix/25.md0000664000175000017500000000062013534006177016214 0ustar etheth00000000000000The HTTP `TRACE` method is normally not required within production sites and should therefore be disabled. Depending on the function being performed by the web application, the risk level can start low and increase as more functionality is implemented. The remediation is typically a very simple configuration change and in most cases will not have any negative impact on the server or application.vulndb-0.1.3/vulndb/db/en/fix/35.md0000664000175000017500000000036013534006177016216 0ustar etheth00000000000000 * Review the generated HTML source and ensure that none of it's sections can be used in a UI misrepresentation attack. * Perform strict data validation (e.g. syntax, length, etc.) before using the user-provided data to render HTML pages. vulndb-0.1.3/vulndb/db/en/fix/34.md0000664000175000017500000000007513534006177016220 0ustar etheth00000000000000Change the web server configuration in order to disable SSLv2vulndb-0.1.3/vulndb/db/en/fix/27.md0000664000175000017500000000031213534006177016214 0ustar etheth000000000000001. Explicitly set the `filename` attribute in the Content-disposition HTTP response header. 2. Perform strict whitelist validation on user input before using it in the creation of HTTP response bodies vulndb-0.1.3/vulndb/db/en/fix/46.md0000664000175000017500000000034413534006177016222 0ustar etheth00000000000000Remediation actions may be vastly different depending on the framework being used, and how the application has been coded. However, the origin header should never be used to validate a client's access as it is trivial to change.vulndb-0.1.3/vulndb/db/en/fix/50.md0000664000175000017500000000020613534006177016212 0ustar etheth00000000000000Ensure that the `Cache-control` HTTP response header is set to `no-cache, no-store` and the `Pragma` header must be set to `no-cache`.vulndb-0.1.3/vulndb/db/en/fix/16.md0000664000175000017500000000016113534006177016214 0ustar etheth00000000000000Analyze the objects using manual analysis techniques such as a local proxy, decompilation or reverse engineering.vulndb-0.1.3/vulndb/db/en/fix/2.md0000664000175000017500000000126213534006177016132 0ustar etheth00000000000000It is recommended that untrusted data is never used to form a LDAP query. To validate data, the application should ensure that the supplied value contains only the characters that are required to perform the required action. For example, where a username is required, then no non-alphanumeric characters should be accepted. If this is not possible, special characters should be escaped so they are treated accordingly. The following characters should be escaped with a back-slash: * `&` * `!` * `|` * `=` * `<` * `>` * `,` * `+` * `-` * `"` * `'` * `;` Additional character filtering must be applied to: * `(` * `)` * `\` * `/` * `*` * `NULL` These characters require ASCII escaping.vulndb-0.1.3/vulndb/db/en/fix/9.md0000664000175000017500000000150113534006177016135 0ustar etheth00000000000000Client-side document rewriting, redirection, or other sensitive action, using untrusted data, should be avoided wherever possible, as these may not be inspected by server side filtering. To remedy DOM XSS vulnerabilities where these sensitive document actions must be used, it is essential to: 1. Ensure any untrusted data is treated as text, as opposed to being interpreted as code or mark-up within the page. 2. Escape untrusted data prior to being used within the page. Escaping methods will vary depending on where the untrusted data is being used. (See references for details.) 3. Use `document.createElement`, `element.setAttribute`, `element.appendChild`, etc. to build dynamic interfaces as opposed to HTML rendering methods such as `document.write`, `document.writeIn`, `element.innerHTML`, or `element.outerHTML `etc. vulndb-0.1.3/vulndb/db/en/fix/52.md0000664000175000017500000000045513534006177016222 0ustar etheth00000000000000Identification of the requirement to run a WebDAV server should be considered. If it is not required then it should be disabled. However, if it is required to meet the application functionality, then it should be protected by SSL/TLS as well as the implementation of a strong authentication mechanism.vulndb-0.1.3/vulndb/db/en/fix/22.md0000664000175000017500000000046613534006177016221 0ustar etheth00000000000000Identifying the context in which the affected page displays a Private IP address is necessary. If the page is publicly accessible and displays the Private IP of the affected server (or supporting infrastructure), then measures should be put in place to ensure that the IP address is removed from any response.vulndb-0.1.3/vulndb/db/en/fix/19.md0000664000175000017500000000076613534006177016232 0ustar etheth00000000000000It is recommended that untrusted data is never used to form a command to be executed by the OS. To validate data, the application should ensure that the supplied value contains only the characters that are required to perform the required action. For example, where the form field expects an IP address, only numbers and periods should be accepted. Additionally, all control operators (`&`, `&&`, `|`, `||`, `$`, `\`, `#`) should be explicitly denied and never accepted as valid input by the server.vulndb-0.1.3/vulndb/db/en/fix/29.md0000664000175000017500000000060313534006177016221 0ustar etheth00000000000000The application should ensure that the supplied value for a redirect is permitted. This can be achieved by performing whitelisting on the parameter value. The whitelist should contain a list of pages or sites that the application is permitted to redirect users to. If the supplied value does not match any value in the whitelist then the server should redirect to a standard error page.vulndb-0.1.3/vulndb/db/en/fix/12.md0000664000175000017500000000023713534006177016214 0ustar etheth00000000000000Create a new TLS/SSL certificate, request a trusted certificate authority (CA) to sign it and replace the self-signed certificate with the newly generated one.vulndb-0.1.3/vulndb/db/en/fix/5.md0000664000175000017500000000163313534006177016137 0ustar etheth00000000000000The identified form handler should at a minimum: 1. Whitelist permitted file types and block all others. This should be conducted on the MIME type of the file rather than its extension. 2. As the file is uploaded, and prior to being handled (written to the disk) by the server, the filename should be stripped of all control, special, or Unicode characters. 3. Ensure that the upload is conducted via the HTTP `POST` method rather than `GET` or `PUT`. 4. Ensure that the file is written to a directory that does not hold any execute permission and that all files within that directory inherit the same permissions. 5. Scan (if possible) with an up-to-date virus scanner before being stored. 6. Ensure that the application handles files as per the host operating system. For example, the length of the file name is appropriate, there is adequate space to store the file, protection against overwriting other files etc.vulndb-0.1.3/vulndb/db/en/fix/4.md0000664000175000017500000000066513534006177016142 0ustar etheth00000000000000All pages and/or resources on the affected site should be secured equally, utilising the latest and most secure encryption protocols. These include SSL version 3.0 and TLS version 1.2. While TLS 1.2 is the latest and the most preferred protocol, not all browsers will support this encryption method. Therefore, the more common SSL is included. Older protocols such as SSL version 2, and weak ciphers (< 128 bit) should also be disabled.vulndb-0.1.3/vulndb/db/en/fix/48.md0000664000175000017500000000072413534006177016226 0ustar etheth00000000000000Depending on the framework being used the implementation methods will vary, however it is advised that the `Strict-Transport-Security` header be configured on the server. One of the options for this header is `max-age`, which is a representation (in milliseconds) determining the time in which the client's browser will adhere to the header policy. Depending on the environment and the application this time period could be from as low as minutes to as long as days.vulndb-0.1.3/vulndb/db/en/fix/14.md0000664000175000017500000000036713534006177016222 0ustar etheth00000000000000Other methods of authentication, like cookie based authentication must be used as a replacement. This can still be considered insecure if credentials are submitted in clear text. TLS Encryption must be used when transmitting sensitive information.vulndb-0.1.3/vulndb/db/en/fix/51.md0000664000175000017500000000075713534006177016226 0ustar etheth00000000000000The preferred configuration is to prevent the use of unauthorised HTTP methods by utilising the `` directive. This directive uses a whitelisting approach to permit HTTP methods while blocking all others not listed in the directive, and will therefor block any method tampering attempts. Most commonly, the only HTTP methods required for most scenarios are `GET` and `POST`. An example of permitting these HTTP methods is: ` require valid-user `vulndb-0.1.3/vulndb/db/en/fix/40.md0000664000175000017500000000056113534006177016215 0ustar etheth00000000000000The first step to remediation is to identify the context in which the cookie is being set and determine if it is required by the whole domain, or just the specific host being tested. If it is only required by the host, then the domain flag should be set as such. Depending on the framework being used, the configuration of this flag will be modified in different ways.vulndb-0.1.3/vulndb/db/en/fix/17.md0000664000175000017500000000010113534006177016207 0ustar etheth00000000000000Configure your web server to include an `X-Frame-Options` header.vulndb-0.1.3/vulndb/db/en/fix/11.md0000664000175000017500000000057113534006177016214 0ustar etheth00000000000000It is recommended that untrusted data is never used to form the contents of the response header. Where any untrusted source is required to be used in the response headers, it is important to ensure that any hazardous characters (`/r`, `/n` and potentially others) are sanitised prior to being used. This is especially important when setting cookie values, redirecting, etc..vulndb-0.1.3/vulndb/db/en/fix/53.md0000664000175000017500000000042313534006177016216 0ustar etheth00000000000000'X-Content-Type-Options: nosniff' header should be implemented which allows a web server to force the browser into disabling MIME Sniffing for a served file. The nosniff option will only load any external resource if the content-type maches what is expected of the file type.vulndb-0.1.3/vulndb/db/en/fix/39.md0000664000175000017500000000105513534006177016224 0ustar etheth00000000000000It is recommended that a whitelisting approach be taken to explicitly permit the HTTP methods required by the application and block all others. Typically the only HTTP methods required for most applications are `GET` and `POST`. All other methods perform actions that are rarely required or perform actions that are inherently risky. These risky methods (such as `PUT`, `DELETE`, etc) should be protected by strict limitations, such as ensuring that the channel is secure (SSL/TLS enabled) and only authorised and trusted clients are permitted to use them.vulndb-0.1.3/vulndb/db/en/fix/57.md0000664000175000017500000000136013534006177016223 0ustar etheth00000000000000Initially, the credit card number within the response should be checked to ensure its validity, as it is possible that the regular expression has matched on a similar number with no relation to a real credit card. If the response does contain a valid credit card number, then all efforts should be taken to remove or further protect this information. This can be achieved by removing the credit card number altogether, or by masking the number so that only the last few digits are present within the response. (eg. _**********123_). Additionally, credit card numbers should not be stored by the application, unless the organisation also complies with other security controls as outlined in the Payment Card Industry Data Security Standard (PCI- DSS).vulndb-0.1.3/vulndb/db/en/fix/36.md0000664000175000017500000000034013534006177016215 0ustar etheth00000000000000Carefully evaluate which sites will be allowed to make cross-domain calls. Consider network topology and any authentication mechanisms that will be affected by the configuration or implementation of the cross-domain policy.vulndb-0.1.3/vulndb/db/en/fix/6.md0000664000175000017500000000035713534006177016142 0ustar etheth00000000000000The most effective remediation against NoSQL injection attacks is to ensure that NoSQL API calls are not constructed via string concatenation that includes unsanitized data. Sanitization is best achieved using existing escaping libraries.vulndb-0.1.3/vulndb/db/en/fix/49.md0000664000175000017500000000042113534006177016221 0ustar etheth00000000000000CVS and/or SVN information should not be displayed to the end user. This can be achieved by removing this information all together prior to deployment, or by putting this information into a server-side (PHP, ASP, JSP, etc) code comment block, as opposed to an HTML comment.vulndb-0.1.3/vulndb/db/en/fix/37.md0000664000175000017500000000065413534006177016226 0ustar etheth00000000000000Although no remediation may be required based on this finding alone, manual testing should ensure that: 1. The server keeps track of CAPTCHA tokens in use and has the token terminated after its first use or after a period of time. Therefore preventing replay attacks. 2. The CAPTCHA answer is not hidden in plain text within the response that is sent to the client. 3. The CAPTCHA image should not be weak and easily solved. vulndb-0.1.3/vulndb/db/en/fix/47.md0000664000175000017500000000050213534006177016217 0ustar etheth00000000000000It is recommended that untrusted input is never processed as server-side code. To validate input, the application should ensure that the supplied value contains only the data that are required to perform the relevant action. For example, where a username is required, then no non-alpha characters should not be accepted.vulndb-0.1.3/vulndb/db/en/fix/21.md0000664000175000017500000000116613534006177016216 0ustar etheth00000000000000Do not keep obsolete versions of files under the virtual web server root. When updating the site, delete or move the files to a directory outside the virtual root, edit them there, and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root. Preventing access without authentication may also be an option and stop a client being able to view the contents of a file, however it is still likely that the filenames will be able to be discovered. Using obscure filenames is only implementing security through obscurity and is not a recommended option.vulndb-0.1.3/vulndb/db/en/fix/24.md0000664000175000017500000000072613534006177016222 0ustar etheth00000000000000The preferred way to protect against XPath injection is to utilise parameterized (also known as prepared) XPath queries. When utilising this method of querying the XML document any value supplied by the client will be handled as a string rather than part of the XPath query. An alternative to parameterized queries it to use precompiled XPath queries. Precompiled XPath queries are not generated dynamically and will therefor never process user supplied input as XPath.vulndb-0.1.3/vulndb/db/en/11-cookie-set-for-parent-domain.json0000664000175000017500000000061513534006177023356 0ustar etheth00000000000000{ "id": 11, "title": "Cookie set for parent domain", "severity": "informational", "description": { "$ref": "#/files/description/11" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/40" } }, "references": [ { "url": "https://www.owasp.org/index.php/Testing_for_cookies_attributes_(OTG-SESS-002)", "title": "OWASP" } ] }vulndb-0.1.3/vulndb/db/en/15-directory-listing.json0000664000175000017500000000102613534006177021450 0ustar etheth00000000000000{ "id": 15, "title": "Directory listing", "severity": "low", "description": { "$ref": "#/files/description/15" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/41" } }, "cwe": [ "548" ], "owasp_top_10": { "2013": [ 5 ] }, "tags": [ "web", "path", "directory", "listing", "index" ], "references": [ { "url": "http://projects.webappsec.org/w/page/13246922/Directory%20Indexing", "title": "WASC" } ] }vulndb-0.1.3/vulndb/db/en/49-unencrypted-password-form.json0000664000175000017500000000077713534006177023161 0ustar etheth00000000000000{ "id": 49, "title": "Unencrypted password form", "severity": "medium", "description": { "$ref": "#/files/description/49" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/8" } }, "cwe": [ "319" ], "tags": [ "web", "unencrypted", "password", "form" ], "references": [ { "url": "http://www.owasp.org/index.php/Top_10_2010-A9-Insufficient_Transport_Layer_Protection", "title": "OWASP Top 10 2010" } ] }vulndb-0.1.3/vulndb/db/en/12-credit-card-number-disclosure.json0000664000175000017500000000102013534006177023605 0ustar etheth00000000000000{ "id": 12, "title": "Credit card number disclosure", "severity": "medium", "description": { "$ref": "#/files/description/12" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/57" } }, "cwe": [ "200" ], "references": [ { "url": "http://en.wikipedia.org/wiki/Luhn_algorithm", "title": "Wikipedia - Luhn algorithm" }, { "url": "http://en.wikipedia.org/wiki/Bank_card_number", "title": "Wikipedia - Bank card number" } ] }vulndb-0.1.3/vulndb/db/en/29-interesting-response.json0000664000175000017500000000070013534006177022167 0ustar etheth00000000000000{ "id": 29, "title": "Interesting response", "severity": "informational", "description": { "$ref": "#/files/description/29" }, "fix": { "effort": 60, "guidance": { "$ref": "#/files/fix/7" } }, "tags": [ "web", "interesting", "response", "server" ], "references": [ { "url": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html", "title": "RFC-2616" } ] }vulndb-0.1.3/vulndb/db/en/48-disclosed-us-social-security-number-ssn.json0000664000175000017500000000060313534006177025605 0ustar etheth00000000000000{ "id": 48, "title": "Disclosed US Social Security Number (SSN)", "severity": "high", "description": { "$ref": "#/files/description/48" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/28" } }, "cwe": [ "213" ], "references": [ { "url": "http://www.ssa.gov/pubs/10064.html", "title": "ssa.gov" } ] }vulndb-0.1.3/vulndb/db/en/22-httponly-cookie.json0000664000175000017500000000066613534006177021134 0ustar etheth00000000000000{ "id": 22, "title": "HttpOnly cookie", "severity": "informational", "description": { "$ref": "#/files/description/22" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/30" } }, "cwe": [ "87" ], "owasp_top_10": { "2013": [ 2 ] }, "references": [ { "url": "https://www.owasp.org/index.php/HttpOnly", "title": "HttpOnly - OWASP" } ] }vulndb-0.1.3/vulndb/db/en/13-cross-site-request-forgery.json0000664000175000017500000000137013534006177023231 0ustar etheth00000000000000{ "id": 13, "title": "Cross-Site Request Forgery", "severity": "high", "description": { "$ref": "#/files/description/13" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/44" } }, "cwe": [ "352" ], "owasp_top_10": { "2013": [ 8 ] }, "tags": [ "web", "csrf", "form", "token" ], "references": [ { "url": "http://www.cgisecurity.com/csrf-faq.html", "title": "CGI Security - CSRF" }, { "url": "http://en.wikipedia.org/wiki/Cross-site_request_forgery", "title": "Wikipedia - CSRF" }, { "url": "https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)", "title": "OWASP - CSRF" } ] }vulndb-0.1.3/vulndb/db/en/42-remote-file-inclusion.json0000664000175000017500000000117313534006177022211 0ustar etheth00000000000000{ "id": 42, "title": "Remote File Inclusion", "severity": "high", "description": { "$ref": "#/files/description/42" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/13" } }, "cwe": [ "98" ], "owasp_top_10": { "2013": [ 1 ] }, "tags": [ "web", "remote", "file", "inclusion", "injection" ], "references": [ { "url": "http://projects.webappsec.org/Remote-File-Inclusion", "title": "WASC" }, { "url": "http://en.wikipedia.org/wiki/Remote_File_Inclusion", "title": "Wikipedia" } ] }vulndb-0.1.3/vulndb/db/en/54-xpath-injection.json0000664000175000017500000000120513534006177021103 0ustar etheth00000000000000{ "id": 54, "title": "XPath Injection", "severity": "high", "description": { "$ref": "#/files/description/54" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/24" } }, "cwe": [ "91", "643" ], "owasp_top_10": { "2013": [ 1 ] }, "tags": [ "web", "xpath", "database", "error", "injection" ], "references": [ { "url": "http://projects.webappsec.org/w/page/13247005/XPath%20Injection", "title": "WASC" }, { "url": "https://www.owasp.org/index.php/XPATH_Injection", "title": "OWASP" } ] }vulndb-0.1.3/vulndb/db/en/21-html-object.json0000664000175000017500000000034313534006177020203 0ustar etheth00000000000000{ "id": 21, "title": "HTML object", "severity": "informational", "description": { "$ref": "#/files/description/21" }, "fix": { "effort": 120, "guidance": { "$ref": "#/files/fix/16" } } }vulndb-0.1.3/vulndb/db/en/67-self-signed-ssl-certificate.json0000664000175000017500000000077413534006177023274 0ustar etheth00000000000000{ "id": 67, "title": "Self-signed TLS/SSL certificate", "severity": "medium", "description": { "$ref": "#/files/description/67" }, "fix": { "effort": 60, "guidance": { "$ref": "#/files/fix/12" } }, "cwe": [ "296" ], "tags": [ "web", "unencrypted", "tls", "ssl" ], "references": [ { "url": "https://en.wikipedia.org/wiki/Self-signed_certificate", "title": "Wikipedia article on self-signed certificates" } ] }vulndb-0.1.3/vulndb/db/en/44-source-code-disclosure.json0000664000175000017500000000065313534006177022366 0ustar etheth00000000000000{ "id": 44, "title": "Source code disclosure", "severity": "high", "description": { "$ref": "#/files/description/44" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/56" } }, "cwe": [ "200", "548" ], "owasp_top_10": { "2013": [ 6 ] }, "tags": [ "web", "code", "source", "file", "inclusion", "disclosure" ] }vulndb-0.1.3/vulndb/db/en/31-exposed-localstart-asp-page.json0000664000175000017500000000045313534006177023306 0ustar etheth00000000000000{ "id": 31, "title": "Exposed localstart.asp page", "severity": "low", "description": { "$ref": "#/files/description/31" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/38" } }, "tags": [ "web", "asp", "iis", "server" ] }vulndb-0.1.3/vulndb/db/en/34-blind-nosql-injection-differential-analysis.json0000664000175000017500000000076713534006177026466 0ustar etheth00000000000000{ "id": 34, "title": "Blind NoSQL Injection (differential analysis)", "severity": "high", "description": { "$ref": "#/files/description/34" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/6" } }, "cwe": [ "89" ], "tags": [ "web", "nosql", "blind", "injection", "database" ], "references": [ { "url": "https://www.owasp.org/index.php/Testing_for_NoSQL_injection", "title": "OWASP" } ] }vulndb-0.1.3/vulndb/db/en/64-xml-external-entity.json0000664000175000017500000000070713534006177021740 0ustar etheth00000000000000{ "id": 64, "title": "XML External Entity", "severity": "high", "description": { "$ref": "#/files/description/64" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/43" } }, "cwe": [ "611" ], "owasp_top_10": { "2013": [ 1 ] }, "references": [ { "url": "https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing", "title": "OWASP" } ] }vulndb-0.1.3/vulndb/db/en/1-allowed-http-methods.json0000664000175000017500000000073113534006177021757 0ustar etheth00000000000000{ "id": 1, "title": "Allowed HTTP methods", "severity": "informational", "description": { "$ref": "#/files/description/1" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/39" } }, "cwe": [ "749" ], "tags": [ "web", "http", "methods", "options" ], "references": [ { "url": "http://httpd.apache.org/docs/2.2/mod/core.html#limitexcept", "title": "Apache.org" } ] }vulndb-0.1.3/vulndb/db/en/72-cache-control-headers.json0000664000175000017500000000111713534006177022133 0ustar etheth00000000000000{ "id": 72, "title": "Insecure or no Cache-Control header", "severity": "low", "description": { "$ref": "#/files/description/72" }, "fix": { "effort": 10, "guidance": { "$ref": "#/files/fix/50" } }, "cwe": [ "524", "525" ], "owasp_top_10": { "2013": [ 5 ] }, "tags": [ "web", "browser", "cache", "session" ], "references": [ { "url": "https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Web_Content_Caching", "title": "Session Management Cheat Sheet" } ] }vulndb-0.1.3/vulndb/db/en/6-code-injection.json0000664000175000017500000000154113534006177020611 0ustar etheth00000000000000{ "id": 6, "title": "Code injection", "severity": "high", "description": { "$ref": "#/files/description/6" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/47" } }, "cwe": [ "94", "95" ], "owasp_top_10": { "2013": [ 1 ] }, "tags": [ "web", "code", "injection" ], "references": [ { "url": "http://docs.python.org/py3k/library/functions.html#eval", "title": "Python eval documentation" }, { "url": "http://www.aspdev.org/asp/asp-eval-execute/", "title": "ASP eval documentation" }, { "url": "http://php.net/manual/en/function.eval.php", "title": "PHP eval documentation" }, { "url": "http://perldoc.perl.org/functions/eval.html", "title": "Perl eval documentation" } ] }vulndb-0.1.3/vulndb/db/en/46-blind-sql-injection.json0000664000175000017500000000152313534006177021650 0ustar etheth00000000000000{ "id": 46, "title": "Blind SQL Injection", "severity": "high", "description": { "$ref": "#/files/description/46" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/1" } }, "cwe": [ "89" ], "owasp_top_10": { "2013": [ 1 ] }, "tags": [ "web", "sql", "blind", "injection", "database" ], "references": [ { "url": "http://capec.mitre.org/data/definitions/7.html", "title": "MITRE - CAPEC" }, { "url": "http://projects.webappsec.org/w/page/13246963/SQL%20Injection", "title": "WASC" }, { "url": "http://www.w3schools.com/sql/sql_injection.asp", "title": "W3 Schools" }, { "url": "https://www.owasp.org/index.php/Blind_SQL_Injection", "title": "OWASP" } ] }vulndb-0.1.3/vulndb/db/en/50-unvalidated-redirect.json0000664000175000017500000000112413534006177022072 0ustar etheth00000000000000{ "id": 50, "title": "Unvalidated redirect", "severity": "medium", "description": { "$ref": "#/files/description/50" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/29" } }, "cwe": [ "601" ], "owasp_top_10": { "2013": [ 10 ] }, "tags": [ "web", "unvalidated", "redirect", "injection", "header", "location" ], "references": [ { "url": "https://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards", "title": "OWASP Top 10 2010" } ] }vulndb-0.1.3/vulndb/db/en/53-missing-x-frame-options-header.json0000664000175000017500000000114413534006177023725 0ustar etheth00000000000000{ "id": 53, "title": "Missing 'X-Frame-Options' header", "severity": "low", "description": { "$ref": "#/files/description/53" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/17" } }, "references": [ { "url": "http://tools.ietf.org/html/rfc7034", "title": "RFC-7034" }, { "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options", "title": "Mozilla developer network" }, { "url": "https://www.owasp.org/index.php/Clickjacking", "title": "OWASP Clickjacking document" } ] }vulndb-0.1.3/vulndb/db/en/27-insecure-cross-domain-policy-allow-access-from.json0000664000175000017500000000105513534006177027024 0ustar etheth00000000000000{ "id": 27, "title": "Insecure cross-domain policy", "severity": "low", "description": { "$ref": "#/files/description/27" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/36" } }, "cwe": [ "346" ], "references": [ { "url": "http://blogs.adobe.com/stateofsecurity/2007/07/crossdomain_policy_files_1.html", "title": "Adobe" }, { "url": "https://www.owasp.org/index.php/Test_Cross_Origin_Resource_Sharing_%28OTG-CLIENT-007%29", "title": "OWASP" } ] }vulndb-0.1.3/vulndb/db/en/5-captcha-protected-form.json0000664000175000017500000000035313534006177022251 0ustar etheth00000000000000{ "id": 5, "title": "CAPTCHA protected form", "severity": "informational", "description": { "$ref": "#/files/description/5" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/37" } } }vulndb-0.1.3/vulndb/db/en/14-cvs-svn-user-disclosure.json0000664000175000017500000000041313534006177022520 0ustar etheth00000000000000{ "id": 14, "title": "CVS/SVN user disclosure", "severity": "low", "description": { "$ref": "#/files/description/14" }, "cwe": [ "200", "527" ], "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/49" } } }vulndb-0.1.3/vulndb/db/en/69-insecure-frontpage-configuration.json0000664000175000017500000000102213534006177024447 0ustar etheth00000000000000{ "id": 69, "title": "Insecure Frontpage extensions configuration", "severity": "high", "description": { "$ref": "#/files/description/69" }, "fix": { "effort": 10, "guidance": { "$ref": "#/files/fix/31" } }, "tags": [ "web", "windows", "frontpage" ], "owasp_top_10": { "2013": [ 5 ] }, "references": [ { "url": "https://msdn.microsoft.com/en-us/library/bb742372.aspx", "title": "Configuring FrontPage Server Extensions" } ] }vulndb-0.1.3/vulndb/db/en/35-access-restriction-bypass-via-origin-spoof.json0000664000175000017500000000052513534006177026273 0ustar etheth00000000000000{ "id": 35, "title": "Access restriction bypass via origin spoof", "severity": "high", "description": { "$ref": "#/files/description/35" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/46" } }, "tags": [ "web", "access", "restriction", "server", "bypass" ] }vulndb-0.1.3/vulndb/db/en/56-dom-based-cross-site-scripting-xss.json0000664000175000017500000000142413534006177024543 0ustar etheth00000000000000{ "id": 56, "title": "DOM-based Cross-Site Scripting (XSS)", "severity": "high", "description": { "$ref": "#/files/description/56" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/9" } }, "cwe": [ "79" ], "owasp_top_10": { "2013": [ 3 ] }, "tags": [ "web", "xss", "dom", "injection", "script" ], "references": [ { "url": "http://projects.webappsec.org/w/page/13246920/Cross%20Site%20Scripting", "title": "WASC" }, { "url": "https://www.owasp.org/index.php/DOM_based_XSS_Prevention_Cheat_Sheet", "title": "OWASP - Prevention" }, { "url": "https://www.owasp.org/index.php/DOM_Based_XSS", "title": "OWASP" } ] }vulndb-0.1.3/vulndb/db/en/38-password-field-with-auto-complete.json0000664000175000017500000000047713534006177024463 0ustar etheth00000000000000{ "id": 38, "title": "Password field with auto-complete", "severity": "low", "description": { "$ref": "#/files/description/38" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/18" } }, "cwe": [ "522" ], "owasp_top_10": { "2013": [ 2 ] } }vulndb-0.1.3/vulndb/db/en/9-common-directory.json0000664000175000017500000000103113534006177021206 0ustar etheth00000000000000{ "id": 9, "title": "Common directory", "severity": "medium", "description": { "$ref": "#/files/description/9" }, "cwe": [ "538" ], "owasp_top_10": { "2013": [ 5 ] }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/55" } }, "tags": [ "web", "path", "directory", "common", "discovery" ], "references": [ { "url": "https://www.owasp.org/index.php/Forced_browsing", "title": "OWASP - Forced browsing" } ] }vulndb-0.1.3/vulndb/db/en/75-guessable-credentials.json0000664000175000017500000000110713534006177022250 0ustar etheth00000000000000{ "id": 75, "title": "Guessable credentials", "severity": "low", "description": { "$ref": "#/files/description/75" }, "fix": { "effort": 40, "guidance": { "$ref": "#/files/fix/54" } }, "cwe": [ "522" ], "owasp_top_10": { "2013": [ 5 ] }, "tags": [ "guessable", "credentials", "weak", "predictable" ], "references": [ { "url": "https://www.owasp.org/index.php/Testing_for_User_Enumeration_and_Guessable_User_Account_(OWASP-AT-002)", "title": "OWASP Reference" } ] }vulndb-0.1.3/vulndb/db/en/17-file-inclusion.json0000664000175000017500000000100613534006177020715 0ustar etheth00000000000000{ "id": 17, "title": "File Inclusion", "severity": "high", "description": { "$ref": "#/files/description/17" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/13" } }, "cwe": [ "98" ], "owasp_top_10": { "2013": [ 1 ] }, "tags": [ "web", "file", "inclusion", "error", "injection" ], "references": [ { "url": "https://www.owasp.org/index.php/PHP_File_Inclusion", "title": "OWASP" } ] }vulndb-0.1.3/vulndb/db/en/18-form-based-file-upload.json0000664000175000017500000000065513534006177022225 0ustar etheth00000000000000{ "id": 18, "title": "Form-based File Upload", "severity": "informational", "description": { "$ref": "#/files/description/18" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/5" } }, "tags": [ "web", "file", "upload" ], "references": [ { "url": "https://www.owasp.org/index.php/Unrestricted_File_Upload", "title": "owasp.org" } ] }vulndb-0.1.3/vulndb/db/en/40-private-ip-address-disclosure.json0000664000175000017500000000071713534006177023656 0ustar etheth00000000000000{ "id": 40, "title": "Private IP address disclosure", "severity": "low", "description": { "$ref": "#/files/description/40" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/22" } }, "cwe": [ "200" ], "owasp_top_10": { "2013": [ 6 ] }, "references": [ { "url": "http://projects.webappsec.org/w/page/13246936/Information%20Leakage", "title": "WebAppSec" } ] }vulndb-0.1.3/vulndb/db/en/16-e-mail-address-disclosure.json0000664000175000017500000000035713534006177022745 0ustar etheth00000000000000{ "id": 16, "title": "E-mail address disclosure", "severity": "informational", "description": { "$ref": "#/files/description/16" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/3" } } }vulndb-0.1.3/vulndb/db/en/71-reflected-file-download.json0000664000175000017500000000112013534006177022451 0ustar etheth00000000000000{ "id": 71, "title": "Reflected File Download", "severity": "medium", "description": { "$ref": "#/files/description/71" }, "fix": { "effort": 10, "guidance": { "$ref": "#/files/fix/27" } }, "cwe": [ "79" ], "owasp_top_10": { "2013": [ 1 ] }, "tags": [ "web", "rfd", "reflected" ], "references": [ { "url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector/", "title": "Reflected File Download - A New Web Attack Vector" } ] }vulndb-0.1.3/vulndb/db/en/4-backup-file.json0000664000175000017500000000103413534006177020074 0ustar etheth00000000000000{ "id": 4, "title": "Backup file", "severity": "medium", "description": { "$ref": "#/files/description/4" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/21" } }, "cwe": [ "530" ], "owasp_top_10": { "2013": [ 5 ] }, "tags": [ "web", "path", "backup", "file", "discovery" ], "references": [ { "url": "http://www.webappsec.org/projects/threat/classes/information_leakage.shtml", "title": "WebAppSec" } ] }vulndb-0.1.3/vulndb/db/en/39-path-traversal.json0000664000175000017500000000112613534006177020741 0ustar etheth00000000000000{ "id": 39, "title": "Path Traversal", "severity": "high", "description": { "$ref": "#/files/description/39" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/13" } }, "cwe": [ "22" ], "owasp_top_10": { "2013": [ 4 ] }, "tags": [ "web", "path", "traversal", "injection" ], "references": [ { "url": "http://projects.webappsec.org/Path-Traversal", "title": "WASC" }, { "url": "https://www.owasp.org/index.php/Path_Traversal", "title": "OWASP" } ] }vulndb-0.1.3/vulndb/db/en/74-phishing-vector.json0000664000175000017500000000064413534006177021120 0ustar etheth00000000000000{ "id": 74, "title": "Phishing vector", "severity": "low", "description": { "$ref": "#/files/description/74" }, "fix": { "effort": 30, "guidance": { "$ref": "#/files/fix/35" } }, "cwe": [ "451" ], "tags": [ "web", "phishing" ], "references": [ { "url": "https://www.owasp.org/index.php/Phishing", "title": "Phishing - OWASP" } ] }vulndb-0.1.3/vulndb/db/en/20-misconfiguration-in-limit-directive-of-htaccess-file.json0000664000175000017500000000072313534006177030162 0ustar etheth00000000000000{ "id": 20, "title": "Misconfiguration in LIMIT directive of .htaccess file", "severity": "high", "description": { "$ref": "#/files/description/20" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/51" } }, "tags": [ "web", "htaccess", "server", "limit" ], "references": [ { "url": "http://httpd.apache.org/docs/2.2/mod/core.html#limit", "title": "Apache.org" } ] }vulndb-0.1.3/vulndb/db/en/51-unvalidated-dom-redirect.json0000664000175000017500000000110413534006177022646 0ustar etheth00000000000000{ "id": 51, "title": "Unvalidated DOM redirect", "severity": "medium", "description": { "$ref": "#/files/description/51" }, "cwe": [ "601" ], "owasp_top_10": { "2013": [ 10 ] }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/29" } }, "tags": [ "web", "unvalidated", "redirect", "dom", "injection" ], "references": [ { "url": "https://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards", "title": "OWASP Top 10 2010" } ] }vulndb-0.1.3/vulndb/db/en/55-cross-site-scripting-xss.json0000664000175000017500000000140513534006177022710 0ustar etheth00000000000000{ "id": 55, "title": "Reflected Cross-Site Scripting (XSS)", "severity": "high", "description": { "$ref": "#/files/description/55" }, "fix": { "effort": 10, "guidance": { "$ref": "#/files/fix/20" } }, "cwe": [ "79" ], "owasp_top_10": { "2013": [ 3 ] }, "tags": [ "web", "xss", "injection", "script" ], "references": [ { "url": "http://projects.webappsec.org/w/page/13246920/Cross%20Site%20Scripting", "title": "WASC" }, { "url": "http://secunia.com/advisories/9716/", "title": "Secunia" }, { "url": "https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet", "title": "OWASP" } ] }vulndb-0.1.3/vulndb/db/en/77-http-basic-authentication-credentials.json0000664000175000017500000000115013534006177025351 0ustar etheth00000000000000{ "id": 77, "title": "HTTP Basic Authentication credentials", "severity": "low", "description": { "$ref": "#/files/description/77" }, "fix": { "effort": 60, "guidance": { "$ref": "#/files/fix/14" } }, "cwe": [ "311" ], "owasp_top_10": { "2013": [ 2 ] }, "tags": [ "basic", "authentication", "clear-text", "base64" ], "references": [ { "url": "https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_Weak_Authentication_Methods", "title": "OWASP Weak Authentication Methods" } ] }vulndb-0.1.3/vulndb/db/en/23-publicly-writable-directory.json0000664000175000017500000000071313534006177023432 0ustar etheth00000000000000{ "id": 23, "title": "Publicly writable directory", "severity": "high", "description": { "$ref": "#/files/description/23" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/23" } }, "tags": [ "web", "http", "methods", "put", "server" ], "references": [ { "url": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html", "title": "RFC-2616 document" } ] }vulndb-0.1.3/vulndb/db/en/45-sql-injection.json0000664000175000017500000000203313534006177020556 0ustar etheth00000000000000{ "id": 45, "title": "SQL Injection", "severity": "high", "description": { "$ref": "#/files/description/45" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/1" } }, "cwe": [ "89" ], "owasp_top_10": { "2013": [ 1 ] }, "tags": [ "web", "sql", "injection", "database", "error" ], "references": [ { "url": "http://www.securiteam.com/securityreviews/5DP0N1P76E.html", "title": "SecuriTeam" }, { "url": "http://en.wikipedia.org/wiki/SQL_injection", "title": "Wikipedia" }, { "url": "https://www.owasp.org/index.php/SQL_Injection", "title": "OWASP" }, { "url": "http://projects.webappsec.org/w/page/13246963/SQL%20Injection", "title": "WASC" }, { "url": "http://www.w3schools.com/sql/sql_injection.asp", "title": "W3 Schools" }, { "url": "http://unixwiz.net/techtips/sql-injection.html", "title": "UnixWiz" } ] }vulndb-0.1.3/vulndb/db/en/26-access-control-allow-origin-star.json0000664000175000017500000000121613534006177024267 0ustar etheth00000000000000{ "id": 26, "title": "Access-Control-Allow-Origin header set to '*'", "severity": "medium", "description": { "$ref": "#/files/description/26" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/45" } }, "cwe": [ "346" ], "references": [ { "url": "https://www.owasp.org/index.php/CORS_OriginHeaderScrutiny", "title": "CORS security" }, { "url": "http://www.w3.org/TR/cors/", "title": "CORS W3C Specification" }, { "url": "https://en.wikipedia.org/wiki/Cross-origin_resource_sharing", "title": "CORS article at Wikipedia" } ] }vulndb-0.1.3/vulndb/db/en/66-insecure-ssl-version.json0000664000175000017500000000076713534006177022115 0ustar etheth00000000000000{ "id": 66, "title": "Insecure SSL version enabled", "severity": "medium", "description": { "$ref": "#/files/description/66" }, "fix": { "effort": 10, "guidance": { "$ref": "#/files/fix/34" } }, "tags": [ "web", "ssl" ], "cwe": [ "326" ], "owasp_top_10": { "2010": [ 9 ] }, "references": [ { "url": "https://support.microsoft.com/en-us/kb/187498", "title": "How to Disable SSL 2.0 in IIS" } ] }vulndb-0.1.3/vulndb/db/en/36-operating-system-command-injection.json0000664000175000017500000000121213534006177024703 0ustar etheth00000000000000{ "id": 36, "title": "Operating system command injection", "severity": "high", "description": { "$ref": "#/files/description/36" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/19" } }, "cwe": [ "78" ], "owasp_top_10": { "2013": [ 1 ] }, "tags": [ "web", "os", "command", "code", "injection" ], "references": [ { "url": "http://projects.webappsec.org/w/page/13246950/OS%20Commanding", "title": "WASC" }, { "url": "https://www.owasp.org/index.php/OS_Command_Injection", "title": "OWASP" } ] }vulndb-0.1.3/vulndb/db/en/24-insecure-client-access-policy.json0000664000175000017500000000104213534006177023620 0ustar etheth00000000000000{ "id": 24, "title": "Insecure client-access policy", "severity": "low", "description": { "$ref": "#/files/description/24" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/36" } }, "cwe": [ "346" ], "references": [ { "url": "https://msdn.microsoft.com/en-us/library/cc197955%28v=vs.95%29.aspx", "title": "MSDN" }, { "url": "https://www.owasp.org/index.php/Test_Cross_Origin_Resource_Sharing_%28OTG-CLIENT-007%29", "title": "OWASP" } ] }vulndb-0.1.3/vulndb/db/en/32-mixed-resource.json0000664000175000017500000000077213534006177020736 0ustar etheth00000000000000{ "id": 32, "title": "Mixed Resource", "severity": "medium", "description": { "$ref": "#/files/description/32" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/4" } }, "tags": [ "web", "unencrypted", "resource", "javascript", "stylesheet" ], "references": [ { "url": "http://googleonlinesecurity.blogspot.com/2011/06/trying-to-end-mixed-scripting.html", "title": "Google Online Security Blog" } ] }vulndb-0.1.3/vulndb/db/en/10-common-sensitive-file.json0000664000175000017500000000067713534006177022217 0ustar etheth00000000000000{ "id": 10, "title": "Common sensitive file", "severity": "low", "description": { "$ref": "#/files/description/10" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/10" } }, "tags": [ "web", "common", "path", "file", "discovery" ], "references": [ { "url": "http://httpd.apache.org/docs/2.0/mod/mod_access.html", "title": "Apache.org" } ] }vulndb-0.1.3/vulndb/db/en/3-backup-directory.json0000664000175000017500000000104113534006177021156 0ustar etheth00000000000000{ "id": 3, "title": "Backup directory", "severity": "medium", "description": { "$ref": "#/files/description/3" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/21" } }, "cwe": [ "530" ], "owasp_top_10": { "2013": [ 5 ] }, "tags": [ "web", "path", "backup", "file", "discovery" ], "references": [ { "url": "http://www.webappsec.org/projects/threat/classes/information_leakage.shtml", "title": "WebAppSec" } ] }vulndb-0.1.3/vulndb/db/en/description/0000775000175000017500000000000013534010726017176 5ustar etheth00000000000000vulndb-0.1.3/vulndb/db/en/description/56.md0000664000175000017500000000125213534006177017757 0ustar etheth00000000000000Client-side scripts are used extensively by modern web applications. They perform from simple functions (such as the formatting of text) up to full manipulation of client-side data and Operating System interaction. Unlike traditional Cross-Site Scripting (XSS), where the client is able to inject scripts into a request and have the server return the script to the client, DOM XSS does not require that a request be sent to the server and may be abused entirely within the loaded page. This occurs when elements of the DOM (known as the sources) are able to be manipulated to contain untrusted data, which the client-side scripts (known as the sinks) use or execute an unsafe way.vulndb-0.1.3/vulndb/db/en/description/32.md0000664000175000017500000000161213534006177017751 0ustar etheth00000000000000The HTTP protocol by itself is clear text, meaning that any data that is transmitted via HTTP can be captured and the contents viewed. To keep data private and prevent it from being intercepted, HTTP is often tunnelled through either a Secure Sockets Layer (SSL), or Transport Layer Security (TLS) connection. When either of these encryption standards are used, it is referred to as HTTPS. Cyber-criminals will often attempt to compromise sensitive information passed from the client to the server using HTTP. This can be conducted via various different Man-in-The-Middle (MiTM) attacks or through network packet captures. The tool discovered that the affected site is utilising both HTTP and HTTPS. While the HTML code is served over HTTPS, the server is also serving resources over an unencrypted channel, which can lead to the compromise of data, while providing a false sense of security to the user.vulndb-0.1.3/vulndb/db/en/description/1.md0000664000175000017500000000113413534006177017664 0ustar etheth00000000000000There are a number of HTTP methods that can be used on a webserver (`OPTIONS`, `HEAD`, `GET`, `POST`, `PUT`, `DELETE` etc.). Each of these methods perform a different function and each have an associated level of risk when their use is permitted on the webserver. A client can use the `OPTIONS` method within a request to query a server to determine which methods are allowed. Cyber-criminals will almost always perform this simple test as it will give a very quick indication of any high-risk methods being permitted by the server. The tool discovered that several methods are supported by the server.vulndb-0.1.3/vulndb/db/en/description/71.md0000664000175000017500000000150713534006177017757 0ustar etheth00000000000000The reflected file download vulnerability is an application weakness which allows a cyber-criminal to perform advanced social engineering attacks where an arbitrary executable file is downloaded by the user from vulnerable site. The contents of the executable file are controlled by the attacker and are never uploaded to the vulnerable site. This vulnerability, like many other Web attacks, begins by sending a malicious link to a victim. Unlike other attacks the exploitation finishes outside of the browser context: 1. The user follows a malicious link to a trusted web site 2. An executable file is downloaded and saved on the user's machine. All security indicators show that the file is 'hosted' on the trusted web site 3. The user executes the file which contains shell commands that gain complete control over the computer.vulndb-0.1.3/vulndb/db/en/description/31.md0000664000175000017500000000162613534006177017755 0ustar etheth00000000000000To restrict access to specific pages on a webserver, developers can implement various methods of authentication, therefore only allowing access to clients with valid credentials. There are several forms of authentication that can be used. The simplest forms of authentication are known as 'Basic' and 'Basic Realm'. These methods of authentication have several known weaknesses such as being susceptible to brute force attacks. Additionally, when utilising the NTLM mechanism in a windows environment, several disclosures of information exist, and any brute force attack occurs against the server's local users, or domain users if the web server is a domain member. Cyber-criminals will attempt to locate protected pages to gain access to them and also perform brute force attacks to discover valid credentials. The tool discovered the following page requires NTLM based basic authentication in order to be accessed.vulndb-0.1.3/vulndb/db/en/description/10.md0000664000175000017500000000144113534006177017745 0ustar etheth00000000000000Web applications are often made up of multiple files and directories. It is possible that over time some files may become unreferenced (unused) by the web application and forgotten about by the administrator/developer. Because web applications are built using common frameworks, they contain common files that can be discovered (independent of server). During the initial recon stages of an attack, cyber-criminals will attempt to locate unreferenced files in the hope that the file will assist in further compromise of the web application. To achieve this they will make thousands of requests using word lists containing common filenames. The response headers from the server will then indicate if the file exists. The tool also contains a list of common file names which it will attempt to access.vulndb-0.1.3/vulndb/db/en/description/44.md0000664000175000017500000000256413534006177017763 0ustar etheth00000000000000A modern web application will be reliant on several different programming languages. These languages can be broken up in two flavours. These are client-side languages (such as those that run in the browser -- like JavaScript) and server-side languages (which are executed by the server -- like ASP, PHP, JSP, etc.) to form the dynamic pages (client-side code) that are then sent to the client. Because all server side code should be executed by the server, it should never be seen by the client. However in some scenarios, it is possible that: 1. The server side code has syntax errors and therefore is not executed by the server but is instead sent to the client 2. Using crafted requests it is possible to force the server into displaying the source code of the application without executing it. As the server-side source code often contains sensitive information, such as database connection strings or details into the application workflow, this can be extremely risky. Cyber-criminals will attempt to discover pages that either accidentally or forcefully allow the server-side source code to be disclosed, to assist in discovering further vulnerabilities or sensitive information. The tool has detected server-side source code within the server's response. _(False positives may occur when requesting binary files such as images (.JPG or .PNG) and may require manual verification.)_vulndb-0.1.3/vulndb/db/en/description/13.md0000664000175000017500000000256213534006177017755 0ustar etheth00000000000000In the majority of today's web applications, clients are required to submit forms which can perform sensitive operations. An example of such a form being used would be when an administrator wishes to create a new user for the application. In the simplest version of the form, the administrator would fill-in: * Name * Password * Role (level of access) Continuing with this example, Cross Site Request Forgery (CSRF) would occur when the administrator is tricked into clicking on a link, which if logged into the application, would automatically submit the form without any further interaction. Cyber-criminals will look for sites where sensitive functions are performed in this manner and then craft malicious requests that will be used against clients via a social engineering attack. There are 3 things that are required for a CSRF attack to occur: 1. The form must perform some sort of sensitive action. 2. The victim (the administrator the example above) must have an active session. 3. Most importantly, all parameter values must be **known** or **guessable**. The tool discovered that all parameters within the form were known or predictable and therefore the form could be vulnerable to CSRF. _Manual verification may be required to check whether the submission will then perform a sensitive action, such as reset a password, modify user profiles, post content on a forum, etc._vulndb-0.1.3/vulndb/db/en/description/20.md0000664000175000017500000000117213534006177017747 0ustar etheth00000000000000There are a number of HTTP methods that can be used on a webserver (for example `OPTIONS`, `HEAD`, `GET`, `POST`, `PUT`, `DELETE `etc.). Each of these methods perform a different function, and each has an associated level of risk when their use is permitted on the webserver. The `` directive within Apache's `.htaccess` file allows administrators to define which of the methods they would like to block. However, as this is a blacklisting approach, it is inevitable that a server administrator may accidentally miss adding certain HTTP methods to be blocked, thus increasing the level of risk to the application and/or server.vulndb-0.1.3/vulndb/db/en/description/3.md0000664000175000017500000000141713534006177017672 0ustar etheth00000000000000A common practice when administering web applications is to create a copy/backup of a particular directory prior to making any modification. Another common practice is to add an extension or change the name of the original directory to signify that it is a backup (examples include `.bak`, `.orig`, `.backup`, etc.). During the initial recon stages of an attack, cyber-criminals will attempt to locate backup directories by adding common extensions onto directories already discovered on the webserver. By analysing the response headers from the server they are able to determine if a backup directory exists. These backup directories can then assist in the compromise of the web application. By utilising the same method, the tool was able to discover a possible backup directory.vulndb-0.1.3/vulndb/db/en/description/18.md0000664000175000017500000000115513534006177017757 0ustar etheth00000000000000The design of many web applications require that users be able to upload files that will either be stored or processed by the receiving web server. The tool has flagged this not as a vulnerability, but as a prompt for the penetration tester to conduct further manual testing on the file upload function. An insecure form-based file upload could allow a cyber-criminal a means to abuse and successfully exploit the server directly, and/or any third party that may later access the file. This can occur through uploading a file containing server side-code (such as PHP) that is then executed when requested by the client.vulndb-0.1.3/vulndb/db/en/description/33.md0000664000175000017500000000077313534006177017761 0ustar etheth00000000000000A NoSQL injection occurs when a value originating from the client's request is used within a NoSQL call without prior sanitisation. This can allow cyber-criminals to execute arbitrary NoSQL code and thus steal data, or use the additional functionality of the database server to take control of further server components. The tool discovered that the affected page and parameter are vulnerable. This injection was detected as the tool was able to discover known error messages within the server's response.vulndb-0.1.3/vulndb/db/en/description/74.md0000664000175000017500000000107613534006177017763 0ustar etheth00000000000000The web user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. If an attacker can cause the UI to display erroneous data, or to otherwise convince the user to display information that appears to come from a trusted source, then the attacker could trick the user into performing the wrong action. An example of this vulnerability is the possibility to control the `src` attribute of an iframe tag using a query string parameter.vulndb-0.1.3/vulndb/db/en/description/42.md0000664000175000017500000000174113534006177017755 0ustar etheth00000000000000Web applications occasionally use parameter values to store the location of a file which will later be required by the server. An example of this is often seen in error pages, where the actual file path for the error page is stored in a parameter value -- for example `example.com/error.php?page=404.php`. A remote file inclusion occurs when the parameter value (ie. path to file being called by the server) can be substituted with the address of remote resource -- for example: `yoursite.com/error.asp?page=http://anothersite.com/somethingBad.php` In some cases, the server will process the fetched resource; therefore, if the resource contains server-side code matching that of the framework being used (ASP, PHP, JSP, etc.), it is probable that the resource will be executed as if it were part of the web application. The tool discovered that it was possible to substitute a parameter value with an external resource and have the server fetch it and include its contents in the response.vulndb-0.1.3/vulndb/db/en/description/8.md0000664000175000017500000000134113534006177017673 0ustar etheth00000000000000A modern web application will be reliant on several different programming languages. These languages can be broken up in two flavours. These are client-side languages (such as those that run in the browser -- like JavaScript) and server-side languages (which are executed by the server -- like ASP, PHP, JSP, etc.) to form the dynamic pages (client-side code) that are then sent to the client. Because all server-side code should be executed by the server, it should only ever come from a trusted source. Code injection occurs when the server takes untrusted code (ie. from the client) and executes it. Cyber-criminals will abuse this weakness to execute arbitrary code on the server, which could result in complete server compromise.vulndb-0.1.3/vulndb/db/en/description/68.md0000664000175000017500000000077513534006177017773 0ustar etheth00000000000000GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka 'ShellShock'vulndb-0.1.3/vulndb/db/en/description/26.md0000664000175000017500000000134413534006177017756 0ustar etheth00000000000000Cross-Origin Resource Sharing (CORS) is one of the new HTML5 technologies which is widely implemented to create Web2.0 applications. CORS allows the browser to perform HTTP requests to a domain outside the Same-Origin Policy and access the response body. This feature is secured by a new set of HTTP headers, being `Access-Control-Allow-Origin` one of the most important ones. It was possible to identify an HTTP response which contained the `Access-Control-Allow-Origin` header value set to '*', which allows any third-party domain to perform requests and read the responses. While this configuration is not a vulnerability per-se, it's only recommended for sites which provide information that's public such as weather or stock prices.vulndb-0.1.3/vulndb/db/en/description/70.md0000664000175000017500000000156213534006177017757 0ustar etheth00000000000000Client-side scripts are used extensively by modern web applications. They perform from simple functions (such as the formatting of text) up to full manipulation of client-side data and Operating System interaction. Cross Site Scripting (XSS) allows clients to inject arbitrary scripting code into a request and have the server return the script to the client in the response. This occurs because the application is taking untrusted data (in this example, from the client) and reusing it without performing any validation or encoding. Persistent Cross Site Scripting vulnerabilities occur when the application stores user controlled information and then uses it to render HTTP response bodies to other clients. This type of vulnerability can be used by a cyber-criminal to perform session hijacking, phishing or denial of service attacks against other web application users.vulndb-0.1.3/vulndb/db/en/description/23.md0000664000175000017500000000157113534006177017755 0ustar etheth00000000000000There are various methods in which a file (or files) may be uploaded to a webserver. One method that can be used is the HTTP `PUT` method. The `PUT` method is mainly used during development of applications and allows developers to upload (or put) files on the server within the web root. By nature of the design, the `PUT` method typically does not provide any filtering and therefore allows sever side executable code (PHP, ASP, etc) to be uploaded to the server. Cyber-criminals will search for servers supporting the `PUT` method with the intention of modifying existing pages, or uploading web shells to take control of the server. The tool has discovered that the affected path allows clients to use the `PUT` method. During this test, the tool has `PUT` a file on the server within the web root and successfully performed a `GET` request to its location and verified the contents.vulndb-0.1.3/vulndb/db/en/description/30.md0000664000175000017500000000147313534006177017754 0ustar etheth00000000000000Lightweight Directory Access Protocol (LDAP) is used by web applications to access and maintain directory information services. One of the most common uses for LDAP is to provide a Single-Sign-On (SSO) service that will allow clients to authenticate with a web site without any interaction (assuming their credentials have been validated by the SSO provider). LDAP injection occurs when untrusted data is used by the web application to query the LDAP directory without prior sanitisation. This is a serious security risk, as it could allow cyber-criminals the ability to query, modify, or remove anything from the LDAP tree. It could also allow other advanced injection techniques that perform other more serious attacks. The tool was able to detect a page that is vulnerable to LDAP injection based on known error messages.vulndb-0.1.3/vulndb/db/en/description/55.md0000664000175000017500000000103013534006177017750 0ustar etheth00000000000000Client-side scripts are used extensively by modern web applications. They perform from simple functions (such as the formatting of text) up to full manipulation of client-side data and Operating System interaction. Cross Site Scripting (XSS) allows clients to inject arbitrary scripting code into a request and have the server return the script to the client in the response. This occurs because the application is taking untrusted data (in this example, from the client) and reusing it without performing any validation or encoding.vulndb-0.1.3/vulndb/db/en/description/67.md0000664000175000017500000000037613534006177017767 0ustar etheth00000000000000The server's TLS/SSL certificate is self-signed. Self-signed certificates are not trusted by browsers and other HTTP clients, especially because TLS/SSL man-in-the-middle attacks typically use self-signed certificates to eavesdrop on TLS/SSL connections.vulndb-0.1.3/vulndb/db/en/description/38.md0000664000175000017500000000141513534006177017760 0ustar etheth00000000000000In typical form-based web applications, it is common practice for developers to allow `autocomplete` within the HTML form to improve the usability of the page. With `autocomplete` enabled (default), the browser is allowed to cache previously entered form values. For legitimate purposes, this allows the user to quickly re-enter the same data when completing the form multiple times. When `autocomplete` is enabled on either/both the username and password fields, this could allow a cyber-criminal with access to the victim's computer the ability to have the victim's credentials automatically entered as the cyber-criminal visits the affected page. The tool has discovered that the affected page contains a form containing a password field that has not disabled `autocomplete`.vulndb-0.1.3/vulndb/db/en/description/54.md0000664000175000017500000000163013534006177017755 0ustar etheth00000000000000XML Path Language (XPath) queries are used by web applications for selecting nodes from XML documents. Once selected, the value of these nodes can then be used by the application. A simple example for the use of XML documents is to store user information. As part of the authentication process, the application will perform an XPath query to confirm the login credentials and retrieve that user's information to use in the following request. XPath injection occurs where untrusted data is used to build XPath queries. Cyber-criminals may abuse this injection vulnerability to bypass authentication, query other user's information, or, if the XML document contains privileged user credentials, allow the cyber-criminal to escalate their privileges. The tool injected special XPath query characters into the page and based on the responses from the server, has determined that the page is vulnerable to XPath injection.vulndb-0.1.3/vulndb/db/en/description/15.md0000664000175000017500000000100413534006177017745 0ustar etheth00000000000000Web servers permitting directory listing are typically used for sharing files. Directory listing allows the client to view a simple list of all the files and folders hosted on the web server. The client is then able to traverse each directory and download the files. Cyber-criminals will utilise the presence of directory listing to discover sensitive files, download protected content, or even just learn how the web application is structured. The tool discovered that the affected page permits directory listing.vulndb-0.1.3/vulndb/db/en/description/43.md0000664000175000017500000000246513534006177017762 0ustar etheth00000000000000HTTP by itself is a stateless protocol; therefore, the server is unable to determine which requests are performed by which client and which clients are authenticated or unauthenticated. The use of HTTP cookies within the headers allows a web server to identify each individual client and can thus determine which clients hold valid authentication from those that do not. These are known as session cookies or session tokens. To prevent clients from being able to guess each other's session token, each assigned session token should be entirely random and be different whenever a session is established with the server. Session fixation occurs when the client is able to specify their own session token value and the value of the session cookie is not changed by the server after successful authentication. Occasionally, the session token will also remain unchanged for the user independently of how many times they have authenticated. Cyber-criminals will abuse this functionality by sending crafted URL links with a predetermined session token within the link. The cyber-criminal will then wait for the victim to login and become authenticated. If successful, the cyber-criminal will know a valid session ID and therefore have access to the victim's session. The tool has discovered that it is able to set its own session token.vulndb-0.1.3/vulndb/db/en/description/45.md0000664000175000017500000000215213534006177017755 0ustar etheth00000000000000Due to the requirement for dynamic content of today's web applications, many rely on a database backend to store data that will be called upon and processed by the web application (or other programs). Web applications retrieve data from the database by using Structured Query Language (SQL) queries. To meet demands of many developers, database servers (such as MSSQL, MySQL, Oracle etc.) have additional built-in functionality that can allow extensive control of the database and interaction with the host operating system itself. An SQL injection occurs when a value originating from the client's request is used within a SQL query without prior sanitisation. This could allow cyber-criminals to execute arbitrary SQL code and steal data or use the additional functionality of the database server to take control of more server components. The successful exploitation of a SQL injection can be devastating to an organisation and is one of the most commonly exploited web application vulnerabilities. This injection was detected as the tool was able to cause the server to respond to the request with a database related error.vulndb-0.1.3/vulndb/db/en/description/41.md0000664000175000017500000000125213534006177017751 0ustar etheth00000000000000HTTP response splitting occurs when untrusted data is inserted into the response headers without any sanitisation. If successful, this allows cyber-criminals to essentially split the HTTP response in two. This is abused by cyber-criminals injecting CR (Carriage Return -- `/r`) and LF (Line Feed -- ` `) characters which will then form the split. If the CR or LF characters are not processed by the server then it cannot be exploited. Along with these characters, cyber-criminals can then construct their own arbitrary response headers and body which would then form the second response. The second response is entirely under their control, allowing for a number of other attacks.vulndb-0.1.3/vulndb/db/en/description/76.md0000664000175000017500000000123013534006177017755 0ustar etheth00000000000000'X-Content-Type-Options' is a type of HTTP header that can be used to prevent MIME content-sniffing attacks in Internet Explorer and Google Chrome. MIME content-sniffing is a mechanism that allows browsers to inspect and dynamically guess the content type and file type. MIME Sniffing checking algorithm has known problems which might allow users to upload files that might contain malicous code. If an attacker can spoof a file type/content and upload it to the application successfully, it is possible to inject malicous code which can be downloaded and viewed by other users of the application. This can lead to attacks such as persistant Cross-Site Scripting.vulndb-0.1.3/vulndb/db/en/description/25.md0000664000175000017500000000210513534006177017751 0ustar etheth00000000000000HTTP by itself is a stateless protocol. Therefore the server is unable to determine which requests are performed by which client, and which clients are authenticated or unauthenticated. The use of HTTP cookies within the headers, allows a web server to identify each individual client and can therefore determine which clients hold valid authentication, from those that do not. These are known as session cookies. When a cookie is set by the server (sent the header of an HTTP response) there are several flags that can be set to configure the properties of the cookie and how it is to be handled by the browser. One of these flags is known as the `secure` flag. When the secure flag is set, the browser will prevent it from being sent over a clear text channel (HTTP) and only allow it to be sent when an encrypted channel is used (HTTPS). The tool discovered that a cookie was set by the server without the secure flag being set. Although the initial setting of this cookie was via an HTTPS connection, any HTTP link to the same server will result in the cookie being send in clear text.vulndb-0.1.3/vulndb/db/en/description/64.md0000664000175000017500000000063113534006177017756 0ustar etheth00000000000000An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, port scanning from the perspective of the machine where the parser is located, and other system impacts.vulndb-0.1.3/vulndb/db/en/description/63.md0000664000175000017500000000131613534006177017756 0ustar etheth00000000000000The `TRACE` HTTP method allows a client so send a request to the server, and have the same request then send back in the server's response. This allows the client to determine if the server is receiving the request as expected or if specific parts of the request are not arriving as expected. For example incorrect encoding or a load balancer has filtered or changed a value. On many default installations the `TRACE` method is still enabled. While not vulnerable by itself, it does provide a method for cyber-criminals to bypass the `HTTPOnly` cookie flag, and therefore could allow a XSS attack to successfully access a session token. The tool has discovered that the affected page permits the HTTP `TRACE` method.vulndb-0.1.3/vulndb/db/en/description/35.md0000664000175000017500000000150113534006177017751 0ustar etheth00000000000000Origin headers are utilised by proxies and/or load balancers to track the originating IP address of the client. As the request progresses through a proxy, the origin header is added to the existing headers, and the value of the client's IP is then set within this header. Occasionally, poorly implemented access restrictions are based off of the originating IP address alone. For example, any public IP address may be forced to authenticate, while an internal IP address may not. Because this header can also be set by the client, it allows cyber-criminals to spoof their IP address and potentially gain access to restricted pages. The tool discovered a resource that it did not have permission to access, but been granted access after spoofing the address of localhost (127.0.0.1), thus bypassing any requirement to authenticate.vulndb-0.1.3/vulndb/db/en/description/34.md0000664000175000017500000000114413534006177017753 0ustar etheth00000000000000A NoSQL injection occurs when a value originating from the client's request is used within a NoSQL call without prior sanitisation. This can allow cyber-criminals to execute arbitrary NoSQL code and thus steal data, or use the additional functionality of the database server to take control of further server components. The tool discovered that the affected page and parameter are vulnerable. This injection was detected as the tool was able to inject specific NoSQL queries that if vulnerable result in the responses for each injection being different. This is known as a blind NoSQL injection vulnerability.vulndb-0.1.3/vulndb/db/en/description/27.md0000664000175000017500000000150313534006177017754 0ustar etheth00000000000000The browser security model normally prevents web content from one domain from accessing data from another domain. This is commonly known as the "same origin policy". URL policy files grant cross-domain permissions for reading data. They permit operations that are not permitted by default. The URL policy file for Silverlight is located, by default, in the root directory of the target server, with the name `crossdomain.xml` (for example, at `www.example.com/crossdomain.xml`). When a domain is specified in `crossdomain.xml`, the site declares that it is willing to allow the operators of any servers in that domain to obtain any document on the server where the policy file resides. The `crossdomain.xml` file deployed on this website opens the server to all domains (use of a single asterisk "*" as a pure wildcard is supported).vulndb-0.1.3/vulndb/db/en/description/46.md0000664000175000017500000000227613534006177017765 0ustar etheth00000000000000Due to the requirement for dynamic content of today's web applications, many rely on a database backend to store data that will be called upon and processed by the web application (or other programs). Web applications retrieve data from the database by using Structured Query Language (SQL) queries. To meet demands of many developers, database servers (such as MSSQL, MySQL, Oracle etc.) have additional built-in functionality that can allow extensive control of the database and interaction with the host operating system itself. An SQL injection occurs when a value originating from the client's request is used within a SQL query without prior sanitisation. This could allow cyber-criminals to execute arbitrary SQL code and steal data or use the additional functionality of the database server to take control of more server components. The successful exploitation of a SQL injection can be devastating to an organisation and is one of the most commonly exploited web application vulnerabilities. Injection was detected as it was possible to inject specific SQL queries, that if vulnerable, result in the responses for each injection being different. This is known as a blind SQL injection vulnerability.vulndb-0.1.3/vulndb/db/en/description/50.md0000664000175000017500000000135513534006177017755 0ustar etheth00000000000000Web applications occasionally use parameter values to store the address of the page to which the client will be redirected -- for example: `yoursite.com/page.asp?redirect=www.yoursite.com/404.asp` An unvalidated redirect occurs when the client is able to modify the affected parameter value in the request and thus control the location of the redirection. For example, the following URL `yoursite.com/page.asp?redirect=www.anothersite.com` will redirect to `www.anothersite.com`. Cyber-criminals will abuse these vulnerabilities in social engineering attacks to get users to unknowingly visit malicious web sites. The tool has discovered that the server does not validate the parameter value prior to redirecting the client to the injected value.vulndb-0.1.3/vulndb/db/en/description/16.md0000664000175000017500000000107413534006177017755 0ustar etheth00000000000000Email addresses are typically found on "Contact us" pages, however, they can also be found within scripts or code comments of the application. They are used to provide a legitimate means of contacting an organisation. As one of the initial steps in information gathering, cyber-criminals will spider a website and using automated methods collect as many email addresses as possible, that they may then use in a social engineering attack. Using the same automated methods, the tool was able to detect one or more email addresses that were stored within the affected page.vulndb-0.1.3/vulndb/db/en/description/2.md0000664000175000017500000000204013534006177017662 0ustar etheth00000000000000If a server has been previously compromised, there is a high probability that the cyber-criminal has installed a backdoor so that they can easily return to the server if required. One method of achieving this is to place a web backdoor or web shell within the web root of the web server. This will then enable the cyber-criminal to access the server through a HTTP/S session. Although extremely bad practice, it is possible that the web backdoor or web shell has been placed there by an administrator so they can perform administrative activities remotely. During the initial recon stages of an attack, cyber-criminals will attempt to locate these web backdoors or shells by requesting the names of the most common and well known ones. By analysing the response, they are able to determine if a web backdoor or web shell exists. These web backdoors or web shells can then provide an easy path for further compromise of the server. By utilising the same methods as the cyber-criminals, the tool was able to discover a possible web backdoor or web shell.vulndb-0.1.3/vulndb/db/en/description/9.md0000664000175000017500000000147613534006177017705 0ustar etheth00000000000000Web applications are often made up of multiple files and directories. It is possible that over time some directories may become unreferenced (unused) by the web application and forgotten about by the administrator/developer. Because web applications are built using common frameworks, they contain common directories that can be discovered (independent of server). During the initial recon stages of an attack, cyber-criminals will attempt to locate unreferenced directories in the hope that the directory will assist in further compromise of the web application. To achieve this they will make thousands of requests using word lists containing common names. The response headers from the server will then indicate if the directory exists. The tool also contains a list of common directory names which it will attempt to access.vulndb-0.1.3/vulndb/db/en/description/52.md0000664000175000017500000000147213534006177017757 0ustar etheth00000000000000Web Distributed Authoring and Versioning (WebDAV) is a facility that enables basic file management (reading and writing) to a web server. It essentially allows the webserver to be mounted by the client as a traditional file system allowing users a very simplistic means to access it as they would any other medium or network share. If discovered, attackers will attempt to harvest information from the WebDAV enabled directories, or even upload malicious files that could then be used to compromise the server. The tool discovered that the affected page allows WebDAV access. This was discovered as the server allowed several specific methods that are specific to WebDAV (`PROPFIND`, `PROPPATCH`, etc.), however, further testing should be conducted on the WebDAV component specifically as the tool does support this feature.vulndb-0.1.3/vulndb/db/en/description/75.md0000664000175000017500000000046413534006177017764 0ustar etheth00000000000000Web Applications often have predictable usernames and weak password policies set. This can easily allow an attacker to gain unauthorized access into the application by guessing the credentials used for authentication. It was possible to guess and gain a set a valid credentials for the application is scope.vulndb-0.1.3/vulndb/db/en/description/22.md0000664000175000017500000000164213534006177017753 0ustar etheth00000000000000HTTP by itself is a stateless protocol. Therefore the server is unable to determine which requests are performed by which client, and which clients are authenticated or unauthenticated. The use of HTTP cookies within the headers, allows a web server to identify each individual client and can therefore determine which clients hold valid authentication, from those that do not. These are known as session cookies. When a cookie is set by the server (sent the header of an HTTP response) there are several flags that can be set to configure the properties of the cookie and how it is to be handled by the browser. The `HttpOnly` flag assists in the prevention of client side-scripts (such as JavaScript) accessing and using the cookie. This can help prevent XSS attacks targeting the cookies holding the client's session token (setting the `HttpOnly` flag does not prevent, nor safeguard against XSS vulnerabilities themselves).vulndb-0.1.3/vulndb/db/en/description/19.md0000664000175000017500000000170413534006177017760 0ustar etheth00000000000000The HTTP protocol by itself is clear text, meaning that any data that is transmitted via HTTP can be captured and the contents viewed. To keep data private and prevent it from being intercepted, HTTP is often tunnelled through either Secure Sockets Layer (SSL) or Transport Layer Security (TLS). When either of these encryption standards are used, it is referred to as HTTPS. HTTP Strict Transport Security (HSTS) is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. This will be enforced by the browser even if the user requests a HTTP resource on the same server. Cyber-criminals will often attempt to compromise sensitive information passed from the client to the server using HTTP. This can be conducted via various Man-in-The-Middle (MiTM) attacks or through network packet captures. The tool discovered that the affected application is using HTTPS however does not use the HSTS header.vulndb-0.1.3/vulndb/db/en/description/29.md0000664000175000017500000000035313534006177017760 0ustar etheth00000000000000The server responded with a strange HTTP status code. This is a non-issue however exotic HTTP response status codes can provide useful insights into the behavior of the web application and assist with the information security analysis.vulndb-0.1.3/vulndb/db/en/description/12.md0000664000175000017500000000074213534006177017752 0ustar etheth00000000000000Credit card numbers are used in applications where a user is able to purchase goods and/or services. A credit card number is a sensitive piece of information and should be handled as such. Cyber-criminals will use various methods to attempt to compromise credit card information that can then be used for fraudulent purposes. Through the use of regular expressions and CC number format validation, It was possible to discover a credit card number located within the affected page.vulndb-0.1.3/vulndb/db/en/description/72.md0000664000175000017500000000020413534006177017751 0ustar etheth00000000000000The `cache-control` and `pragma` HTTP header have not been set properly allowing the browser and proxies to cache the HTTP response.vulndb-0.1.3/vulndb/db/en/description/5.md0000664000175000017500000000130213534006177017665 0ustar etheth00000000000000To prevent the automated abuse of a page, applications can implement what is known as a CAPTCHA. These are used to ensure human interaction with the application and are often used on forms where the application conducts sensitive actions. These typically include user registration, or submitting emails via "Contact Us" pages etc. The tool has flagged this not as a vulnerability, but as a prompt for the penetration tester to conduct further manual testing on the CAPTCHA function, as The tool cannon audit CAPTCHA protected forms. Testing for insecurely implemented CAPTCHA is a manual process, and an insecurely implemented CAPTCHA could allow a cyber-criminal a means to abuse these sensitive actions.vulndb-0.1.3/vulndb/db/en/description/4.md0000664000175000017500000000140313534006177017666 0ustar etheth00000000000000A common practice when administering web applications is to create a copy/backup of a particular file or directory prior to making any modification to the file. Another common practice is to add an extension or change the name of the original file to signify that it is a backup (examples include `.bak`, `.orig`, `.backup`, etc.). During the initial recon stages of an attack, cyber-criminals will attempt to locate backup files by adding common extensions onto files already discovered on the webserver. By analysing the response headers from the server they are able to determine if the backup file exists. These backup files can then assist in the compromise of the web application. By utilising the same method, the tool was able to discover a possible backup file.vulndb-0.1.3/vulndb/db/en/description/48.md0000664000175000017500000000051313534006177017757 0ustar etheth00000000000000The US Social Security Number (SSN) is a personally identifiable number that is issued to its citizens. A stolen or leaked SSN can lead to a compromise, and/or the theft of the affected individual's identity. Through the use of regular expressions, the tool has discovered an SSN located within the response of the affected page.vulndb-0.1.3/vulndb/db/en/description/69.md0000664000175000017500000000036713534006177017771 0ustar etheth00000000000000Incorrect permissions and/or missing authentication were discovered on FrontPage extensions used for publishing content. A cyber-criminal might use this vulnerability to deface web sites and potentially gain remote code execution on the server.vulndb-0.1.3/vulndb/db/en/description/14.md0000664000175000017500000000152613534006177017755 0ustar etheth00000000000000Concurrent Version System (CVS) and Subversion (SVN) provide a method for application developers to control different versions of their code. Occasionally, the developer's version or user information can be stored incorrectly within the code and may be visible to the end user (either in the HTML or code comments). As one of the initial steps in information gathering, cyber-criminals will spider a website and using automated methods attempt to discover any CVS/SVN information that may be present in the page. This will aid them in developing a better understanding of the deployed application (potentially through the disclosure of version information), or it may assist in further information gathering or social engineering attacks. Using the same automated methods, the tool was able to detect CVS or SVN details stored within the affected page.vulndb-0.1.3/vulndb/db/en/description/51.md0000664000175000017500000000132413534006177017752 0ustar etheth00000000000000Web applications occasionally use DOM input values to store the address of the page to which the client will be redirected -- for example: `yoursite.com/#/?redirect=www.yoursite.com/404.asp` An unvalidated redirect occurs when the client is able to modify the affected parameter value and thus control the location of the redirection. For example, the following URL `yoursite.com/#/?redirect=www.anothersite.com` will redirect to `www.anothersite.com`. Cyber-criminals will abuse these vulnerabilities in social engineering attacks to get users to unknowingly visit malicious web sites. The tool has discovered that the web page does not validate the parameter value prior to redirecting the client to the injected value.vulndb-0.1.3/vulndb/db/en/description/66.md0000664000175000017500000000107113534006177017757 0ustar etheth00000000000000The server accepts SSL connections which use the insecure SSLv2 protocol. SSLv2 is an old implementation of the Secure Sockets Layer protocol which suffers from a number of security flaws allowing attackers to capture and alter information passed between a client and the server. SSLv2 has been deprecated and is no longer recommended. Note that neither SSLv2 nor SSLv3 meet the U.S. FIPS 140-2 standard, which governs cryptographic modules for use in federal information systems. Only the newer TLS (Transport Layer Security) protocol meets FIPS 140-2 requirements.vulndb-0.1.3/vulndb/db/en/description/40.md0000664000175000017500000000117713534006177017756 0ustar etheth00000000000000Private, or non-routable, IP addresses are generally used within a home or company network and are typically unknown to anyone outside of that network. Cyber-criminals will attempt to identify the private IP address range being used by their victim, to aid in collecting further information that could then lead to a possible compromise. The tool discovered that the affected page returned a RFC 1918 compliant private IP address and therefore could be revealing sensitive information. _This finding typically requires manual verification to ensure the context is correct, as any private IP address within the HTML body will trigger it.vulndb-0.1.3/vulndb/db/en/description/17.md0000664000175000017500000000132613534006177017756 0ustar etheth00000000000000Web applications occasionally use parameter values to store the location of a file which will later be required by the server. An example of this is often seen in error pages, where the actual file path for the error page is stored in a parameter value -- for example `example.com/error.php?page=404.php`. A file inclusion occurs when the parameter value (ie. path to file) can be substituted with the path of another resource on the same server, effectively allowing the displaying of arbitrary, and possibly restricted/sensitive, files. The tool discovered that it was possible to substitute a parameter value with another resource and have the server return the contents of the resource to the client within the response.vulndb-0.1.3/vulndb/db/en/description/77.md0000664000175000017500000000150313534006177017761 0ustar etheth00000000000000Basic Access Authentication is an authentication method which uses base64 encoding and transmits login credentials in cleartext between a server and client. This is considered insecure because credentials are transmitted over unencrypted channels which makes it vulnerable to network eavesdropping attacks. Furthermore, base64 encoding is considered weak because it can be easily decoded to reveal the original content. If an application requires authentication, it will send a `WWW-Authenticate` header with a `401 Unauthorized` HTTP status code. Then, the client will need to send the server credentials through an `Authorization` header. The credentials are transmitted as a 'name:password' string format in the header.A well-positioned attacker can capture the usernames and passwords by sniffing traffic coming to these services.vulndb-0.1.3/vulndb/db/en/description/11.md0000664000175000017500000000174113534006177017751 0ustar etheth00000000000000HTTP by itself is a stateless protocol. Therefore the server is unable to determine which requests are performed by which client, and which clients are authenticated or unauthenticated. The use of HTTP cookies within the headers, allows a web server to identify each individual client and can therefore determine which clients hold valid authentication, from those that do not. These are known as session cookies. When a cookie is set by the server (sent the header of an HTTP response) there are several flags that can be set to configure the properties of the cookie and how it is to be handled by the browser. One of these flags represents the host, or domain. for which the cookie can be used. When the cookie is set for the parent domain, rather than the host, this could indicate that the same cookie could be used to access other hosts within that domain. While there are many legitimate reasons for this, it could also be misconfiguration expanding the possible surface of attacks.vulndb-0.1.3/vulndb/db/en/description/53.md0000664000175000017500000000135213534006177017755 0ustar etheth00000000000000Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. The server didn't return an `X-Frame-Options` header which means that this website could be at risk of a clickjacking attack. The `X-Frame-Options` HTTP response header can be used to indicate whether or not a browser should be allowed to render a page inside a frame or iframe. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.vulndb-0.1.3/vulndb/db/en/description/39.md0000664000175000017500000000240613534006177017762 0ustar etheth00000000000000Web applications occasionally use parameter values to store the location of a file which will later be required by the server. An example of this is often seen in error pages, where the actual file path for the error page is stored in a parameter value -- for example `example.com/error.php?page=404.php`. A path traversal occurs when the parameter value (ie. path to file being called by the server) can be substituted with the relative path of another resource which is located outside of the applications working directory. The server then loads the resource and includes its contents in the response to the client. Cyber-criminals will abuse this vulnerability to view files that should otherwise not be accessible. A very common example of this, on *nix servers, is gaining access to the `/etc/passwd` file in order to retrieve a list of server users. This attack would look like: `yoursite.com/error.php?page=../../../../etc/passwd` As path traversal is based on the relative path, the payload must first traverse to the file system's root directory, hence the string of `../../../../`. The tool discovered that it was possible to substitute a parameter value with a relative path to a common operating system file and have the contents of the file included in the response.vulndb-0.1.3/vulndb/db/en/description/36.md0000664000175000017500000000136213534006177017757 0ustar etheth00000000000000To perform specific actions from within a web application, it is occasionally required to run Operating System commands and have the output of these commands captured by the web application and returned to the client. OS command injection occurs when user supplied input is inserted into one of these commands without proper sanitisation and is then executed by the server. Cyber-criminals will abuse this weakness to perform their own arbitrary commands on the server. This can include everything from simple `ping` commands to map the internal network, to obtaining full control of the server. It was possible to inject and verify the execution of specific Operating System commands which indicates that proper input sanitisation is not occurring.vulndb-0.1.3/vulndb/db/en/description/6.md0000664000175000017500000000165113534006177017675 0ustar etheth00000000000000A modern web application will be reliant on several different programming languages. These languages can be broken up in two flavours. These are client-side languages (such as those that run in the browser -- like JavaScript) and server-side languages (which are executed by the server -- like ASP, PHP, JSP, etc.) to form the dynamic pages (client-side code) that are then sent to the client. Because all server-side code should be executed by the server, it should only ever come from a trusted source. Code injection occurs when the server takes untrusted code (ie. from the client) and executes it. Cyber-criminals will abuse this weakness to execute arbitrary code on the server, which could result in complete server compromise. The tool was able to inject specific server-side code and have the executed output from the code contained within the server response. This indicates that proper input sanitisation is not occurring.vulndb-0.1.3/vulndb/db/en/description/49.md0000664000175000017500000000147313534006177017766 0ustar etheth00000000000000The HTTP protocol by itself is clear text, meaning that any data that is transmitted via HTTP can be captured and the contents viewed. To keep data private, and prevent it from being intercepted, HTTP is often tunnelled through either Secure Sockets Layer (SSL), or Transport Layer Security (TLS). When either of these encryption standards are used it is referred to as HTTPS. Cyber-criminals will often attempt to compromise credentials passed from the client to the server using HTTP. This can be conducted via various different Man-in-The-Middle (MiTM) attacks or through network packet captures. The tool discovered that the affected page contains a `password` input, however, the value of the field is not sent to the server utilising HTTPS. Therefore it is possible that any submitted credential may become compromised.vulndb-0.1.3/vulndb/db/en/description/73.md0000664000175000017500000000107013534006177017754 0ustar etheth00000000000000Information Leakage is an application weakness where an application reveals sensitive data, such as technical details of the web application, environment, or user-specific data. Sensitive data may be used by an attacker to exploit the target web application, its hosting network, or its users. In its most common form, information leakage is the result of one or more of the following conditions: * A failure to scrub out HTML/Script comments containing sensitive information * Improper application or server configurations * Improper application error handling vulndb-0.1.3/vulndb/db/en/description/47.md0000664000175000017500000000235213534006177017761 0ustar etheth00000000000000Due to the requirement for dynamic content of today's web applications, many rely on a database backend to store data that will be called upon and processed by the web application (or other programs). Web applications retrieve data from the database by using Structured Query Language (SQL) queries. To meet demands of many developers, database servers (such as MSSQL, MySQL, Oracle etc.) have additional built-in functionality that can allow extensive control of the database and interaction with the host operating system itself. An SQL injection occurs when a value originating from the client's request is used within a SQL query without prior sanitisation. This could allow cyber-criminals to execute arbitrary SQL code and steal data or use the additional functionality of the database server to take control of more server components. The successful exploitation of a SQL injection can be devastating to an organisation and is one of the most commonly exploited web application vulnerabilities. This injection was detected as the tool was able to inject specific SQL queries, that if vulnerable, result in the responses for each request being delayed before being sent by the server. This is known as a time-based blind SQL injection vulnerability.vulndb-0.1.3/vulndb/db/en/description/21.md0000664000175000017500000000041013534006177017742 0ustar etheth00000000000000Most automated tools are not able to analyze the security of client-side technologies such as Flash and Java applets. This informational finding serves as a heads-up to the information security specialist to review the objects in question using a different method.vulndb-0.1.3/vulndb/db/en/description/24.md0000664000175000017500000000154013534006177017752 0ustar etheth00000000000000The browser security model normally prevents web content from one domain from accessing data from another domain. This is commonly known as the "same origin policy". URL policy files grant cross-domain permissions for reading data. They permit operations that are not permitted by default. The URL policy file for Silverlight is located, by default, in the root directory of the target server, with the name `ClientAccessPolicy.xml` (for example, at `www.example.com/ClientAccessPolicy.xml`). When a domain is specified in `ClientAccessPolicy.xml`, the site declares that it is willing to allow the operators of any servers in that domain to obtain any document on the server where the policy file resides. The `ClientAccessPolicy.xml` file deployed on this website opens the server to all domains (use of a single asterisk "*" as a pure wildcard is supported).vulndb-0.1.3/vulndb/db/en/description/65.md0000664000175000017500000000114613534006177017761 0ustar etheth00000000000000Many web applications allow users to upload files that will either be stored or processed by the receiving web server. It was possible to identify a form which allows files with arbitrary content and extension to be uploaded to the remote server, and then stores the uploaded file to a guessable path in the server's web root. This could be used by a cyber-criminal to host content from the vulnerable server for phishing and Cross-Site Scripting attacks. In cases where the server is configured to execute scripts (PHP, Ruby, etc.) this vulnerability can be used to gain remote code execution on the server.vulndb-0.1.3/vulndb/db/en/52-webdav.json0000664000175000017500000000101113534006177017240 0ustar etheth00000000000000{ "id": 52, "title": "WebDAV", "severity": "informational", "description": { "$ref": "#/files/description/52" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/52" } }, "tags": [ "web", "webdav", "options", "methods", "server" ], "references": [ { "url": "https://tools.ietf.org/html/rfc4918", "title": "WebDAV.org" }, { "url": "http://en.wikipedia.org/wiki/WebDAV", "title": "Wikipedia" } ] }vulndb-0.1.3/vulndb/db/en/8-code-injection.json0000664000175000017500000000174313534006177020617 0ustar etheth00000000000000{ "id": 8, "title": "Code injection (timing attack)", "severity": "high", "description": { "$ref": "#/files/description/8" }, "cwe": [ "95" ], "owasp_top_10": { "2013": [ 1 ] }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/47" } }, "tags": [ "web", "code", "injection", "blind" ], "references": [ { "url": "http://docs.python.org/py3k/library/functions.html#eval", "title": "Python eval documentation" }, { "url": "http://www.aspdev.org/asp/asp-eval-execute/", "title": "ASP eval documentation" }, { "url": "http://en.wikipedia.org/wiki/Eval#Ruby", "title": "Ruby eval documentation" }, { "url": "http://php.net/manual/en/function.eval.php", "title": "PHP eval documentation" }, { "url": "http://perldoc.perl.org/functions/eval.html", "title": "Perl eval documentation" } ] }vulndb-0.1.3/vulndb/db/en/30-ldap-injection.json0000664000175000017500000000112313534006177020670 0ustar etheth00000000000000{ "id": 30, "title": "LDAP Injection", "severity": "high", "description": { "$ref": "#/files/description/30" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/2" } }, "cwe": [ "90" ], "owasp_top_10": { "2013": [ 1 ] }, "tags": [ "web", "ldap", "injection" ], "references": [ { "url": "http://projects.webappsec.org/w/page/13246947/LDAP-Injection", "title": "WASC" }, { "url": "https://www.owasp.org/index.php/LDAP_injection", "title": "OWASP" } ] }vulndb-0.1.3/vulndb/db/en/19-missing-strict-transport-security-header.json0000664000175000017500000000101113534006177026077 0ustar etheth00000000000000{ "id": 19, "title": "Missing 'Strict-Transport-Security' header", "severity": "medium", "description": { "$ref": "#/files/description/19" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/48" } }, "references": [ { "url": "http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security", "title": "Wikipedia - HSTS" }, { "url": "https://www.owasp.org/index.php/HTTP_Strict_Transport_Security", "title": "OWASP - HSTS" } ] }vulndb-0.1.3/vulndb/db/en/76-x-content-type-options_header_missing.json0000664000175000017500000000105613534006177025437 0ustar etheth00000000000000{ "id": 76, "title": "X-Content-Type-Options header missing", "severity": "low", "description": { "$ref": "#/files/description/76" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/53" } }, "cwe": [], "owasp_top_10": { "2013": [ 7 ] }, "tags": [ "content", "sniffing", "missing", "header" ], "references": [ { "url": "https://msdn.microsoft.com/en-us/library/gg622941(v=vs.85).aspx", "title": "Reducing MIME type security risks" } ] }vulndb-0.1.3/vulndb/db/en/63-http-trace.json0000664000175000017500000000111213534006177020047 0ustar etheth00000000000000{ "id": 63, "title": "HTTP TRACE", "severity": "medium", "description": { "$ref": "#/files/description/63" }, "fix": { "effort": 50, "guidance": { "$ref": "#/files/fix/25" } }, "owasp_top_10": { "2013": [ 5 ] }, "tags": [ "web", "xst", "methods", "trace", "server" ], "references": [ { "url": "http://capec.mitre.org/data/definitions/107.html", "title": "CAPEC" }, { "url": "http://www.owasp.org/index.php/Cross_Site_Tracing", "title": "OWASP" } ] }vulndb-0.1.3/vulndb/db/en/73-information-leak-stack-trace.json0000664000175000017500000000103713534006177023441 0ustar etheth00000000000000{ "id": 73, "title": "Application error message", "severity": "low", "description": { "$ref": "#/files/description/73" }, "fix": { "effort": 60, "guidance": { "$ref": "#/files/fix/42" } }, "cwe": [ "200" ], "owasp_top_10": { "2013": [ 6 ] }, "tags": [ "web", "error", "information leak" ], "references": [ { "url": "http://projects.webappsec.org/w/page/13246936/Information%20Leakage", "title": "WASC threat classification" } ] }vulndb-0.1.3/tools/0000775000175000017500000000000013534010726013532 5ustar etheth00000000000000vulndb-0.1.3/tools/semver.sh0000775000175000017500000001313613404715732015403 0ustar etheth00000000000000#!/usr/bin/env bash set -o errexit -o nounset -o pipefail SEMVER_REGEX="^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(\-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?$" PROG=semver PROG_VERSION=1.0.0 VERSION_FILE=vulndb/version.txt DEFAULT_VERSION=0.1.0 USAGE="\ Usage: $PROG $PROG init [] $PROG bump [(major|minor|patch|prerel |build ) | --force ] [--pretend] $PROG compare [] $PROG --help $PROG --version Arguments: A version must match the following regex pattern: \"${SEMVER_REGEX}\". In english, the version must match X.Y.Z(-PRERELEASE)(+BUILD) where X, Y and Z are positive integers, PRERELEASE is an optionnal string composed of alphanumeric characters and hyphens and BUILD is also an optional string composed of alphanumeric characters and hyphens. See definition. String that must be composed of alphanumeric characters and hyphens. String that must be composed of alphanumeric characters and hyphens. Options: -f, --force= Forces a bump of any version without checking if it respects semver bumping rules. -p, --pretend Do not overwrite the project's version file, only output what the new version string would be. -v, --version Print the version of this tool. -h, --help Print this help message. Commands: init initialize this project's version. bump this project's version by one of major, minor, patch, prerel, build or a forced potentialy conflicting version. compare to this project's version or to provided ." function warning { echo -e "$1" >&2 } function error { echo -e "$1" >&2 exit 1 } function usage-help { error "$USAGE" } function usage-version { echo -e "${PROG}: $PROG_VERSION" exit 0 } function validate-version { local version=$1 if [[ "$version" =~ $SEMVER_REGEX ]]; then # if a second argument is passed, store the result in var named by $2 if [ "$#" -eq "2" ]; then local major=${BASH_REMATCH[1]} local minor=${BASH_REMATCH[2]} local patch=${BASH_REMATCH[3]} local prere=${BASH_REMATCH[4]} local build=${BASH_REMATCH[5]} eval "$2=(\"$major\" \"$minor\" \"$patch\" \"$prere\" \"$build\")" else echo "$version" fi else error "version $version does not match the semver scheme 'X.Y.Z(-PRERELEASE)(+BUILD)'. See help for more information." fi } # this function will reverse-traverse folders until VERSION_FILE is found # or '/' is reached. function get-version { while [ -w . ]; do if [ -e $VERSION_FILE ]; then validate-version "$(cat $VERSION_FILE)" return 0 fi pushd .. > /dev/null done error "Version file $VERSION_FILE not found, you may want to initialize this project with 'version init'" } function compare-version { validate-version "$1" V validate-version "$2" V_ # MAJOR, MINOR and PATCH should compare numericaly for i in 0 1 2; do case $((${V[$i]} - ${V_[$i]})) in 0) ;; -[0-9]*) echo -1; return 0;; [0-9]*) echo 1; return 0 ;; esac done # PREREL should compare with the ASCII order. if [[ "${V[3]}" > "${V_[3]}" ]]; then echo 1; return 0; elif [[ "${V[3]}" < "${V_[3]}" ]]; then echo -1; return 0; fi echo 0 } function cli-print { get-version exit 0 } function command-init { local version="" case $# in 0) version="$DEFAULT_VERSION" ;; 1) version=$(validate-version "$1") ;; 2) usage-help;; esac if [ -e "$VERSION_FILE" ]; then error "version file $VERSION_FILE exists, cannot initialize project. Either remove the current file or use 'version bump --force '." fi echo "$version" | tee "$VERSION_FILE" exit 0 } function command-bump { local new; local pretend=0; local version=$(get-version) validate-version $version split local major=${split[0]} local minor=${split[1]} local patch=${split[2]} local prere=${split[3]} local build=${split[4]} while [[ $# -gt 0 ]]; do case "$1" in major) new="$(($major + 1)).0.0"; shift ;; minor) new="${major}.$(($minor + 1)).0"; shift ;; patch) new="${major}.${minor}.$(($patch + 1))"; shift ;; prerel) if [[ $# -lt 2 ]]; then usage-help else new=$(validate-version "${major}.${minor}.${patch}-${2}") shift 2 fi ;; build) if [[ $# -lt 2 ]]; then usage-help else new=$(validate-version "${major}.${minor}.${patch}${prere}+${2}") shift 2 fi ;; --force|-f) if [[ $# -lt 2 ]]; then usage-help else new=$(validate-version "$2") shift 2 fi ;; --pretend|-p) pretend=1; shift ;; "") break;; *) usage-help ;; esac done if [[ "$pretend" -eq 1 ]]; then echo $new else echo $new | tee $VERSION_FILE fi exit 0 } function command-compare { local v; local v_; local version=$(get-version) case $# in 0) usage-help ;; 1) v=$(validate-version "$1"); v_=$version ;; 2) v=$(validate-version "$1"); v_=$(validate-version "$2") ;; esac echo $(compare-version "$v" "$v_") exit 0 } case $# in 0) cli-print ;; esac case $1 in --help|-h) echo -e "$USAGE"; exit 0;; --version|-v) usage-version ;; init) shift; command-init $@;; bump) shift; command-bump $@;; compare) shift; command-compare $@;; *) echo "Unknown arguments: $@"; usage-help;; esac vulndb-0.1.3/tools/update-db.sh0000775000175000017500000000074013404715732015744 0ustar etheth00000000000000#!/usr/bin/env bash set -x # # Update the database # if [ ! -d "data" ]; then git clone https://github.com/vulndb/data.git fi cd data git pull cd .. rm -rf vulndb/db/ mkdir -p vulndb/db/ cp -rf data/db/* vulndb/db/ git add vulndb/db/* # Bump the version numbers tools/semver.sh bump patch cd data git rev-parse HEAD > ../vulndb/db-version.txt cd .. # Push to repo git commit vulndb/db/ vulndb/version.txt vulndb/db-version.txt -m 'Updated vulnerability database' git pushvulndb-0.1.3/README.rst0000664000175000017500000000417213534010233014056 0ustar etheth00000000000000Python SDK to access the `vulnerability database `_ .. image:: https://circleci.com/gh/vulndb/python-sdk/tree/master.svg?style=svg :alt: Build Status :align: right :target: https://circleci.com/gh/vulndb/python-sdk/tree/master Installation ============ It's possible to install `the latest stable release from pypi `_: :: pip install vulndb Or if you're interested in the latest version from our repository: :: git clone https://github.com/vulndb/python-sdk.git python setup.py install Usage ===== :: >>> from vulndb import DBVuln >>> dbv = DBVuln.from_id(42) >>> dbv.title 'SQL Injection' >>> dbv.description 'A long and actionable description for SQL injection ...' >>> dbv.fix_guidance 'Explains the developer how to fix SQL injections, usually a couple of

long ...' >>> dbv.severity 'high' >>> r = dbv.references[0] >>> r.url 'http://example.com/sqli-description.html' >>> r.title 'SQL injection cheat-sheet' More attributes, methods and helpers are well documented and available in the `source code `_. Contributing ============ Send your `pull requests `_ with improvements and bug fixes, making sure that all tests ``PASS``: :: $ cd python-sdk $ virtualenv venv $ . venv/bin/activate $ pip install -r vulndb/requirements-dev.txt $ nosetests vulndb/ .......... ---------------------------------------------------------------------- Ran 10 tests in 0.355s OK Updating the database ===================== This package embeds the `vulnerability database `_ in the ``vulndb/db/`` directory. To update the database with new information follow these steps: :: # Update the database tools/update-db.sh After updating the database it's a good idea to publish the latest at ``pypi`` using: :: rm -rf dist/ python setup.py sdist bdist_wheel twine check dist/* twine upload dist/* vulndb-0.1.3/setup.cfg0000664000175000017500000000004613534010726014213 0ustar etheth00000000000000[egg_info] tag_build = tag_date = 0 vulndb-0.1.3/setup.py0000664000175000017500000000266613534010066014113 0ustar etheth00000000000000#!/usr/bin/env python from setuptools import setup, find_packages from os.path import join, dirname setup( name='vulndb', version=open(join(dirname(__file__), 'vulndb', 'version.txt')).read().strip(), license='BSD 3-clause', platforms='Linux', description='Provides access to the vulndb information', long_description=open(join(dirname(__file__), 'README.rst')).read(), long_description_content_type='text/x-rst', author='Andres Riancho', author_email='self@andresriancho.com', url='https://github.com/vulndb/python-sdk/', packages=[p for p in find_packages() if p.startswith('vulndb')], include_package_data=True, install_requires=[], # With setuptools_git we make sure that the contents of vulndb/db/ , which # are non source code files, get copied too setup_requires=['setuptools_git >= 1.1', 'future'], zip_safe=False, # https://pypi.python.org/pypi?%3Aaction=list_classifiers classifiers=[ 'Development Status :: 5 - Production/Stable', 'Intended Audience :: Developers', 'License :: OSI Approved :: BSD License', 'Natural Language :: English', 'Operating System :: POSIX :: Linux', 'Operating System :: Microsoft :: Windows', 'Programming Language :: Python', 'Programming Language :: Python :: 2.7', 'Programming Language :: Python :: 3', 'Topic :: Security' ], )