added constraints on XSD: Only one Plugin Element per Plugin allowed

2013-01-21 23:23:18 +01:00
parent 4d4b1abb55
commit 544b0f8053
2 changed files with 33 additions and 32 deletions
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -31,6 +31,11 @@
  </plugin>

  <plugin name="ungallery">
+    <vulnerability>
+      <title>UnGallery plugin &lt;= 1.5.8 Local File Disclosure Vulnerability</title>
+      <reference>http://www.exploit-db.com/exploits/17704/</reference>
+      <type>LFI</type>
+    </vulnerability>
    <vulnerability>
      <title>UnGallery Arbitrary Command Execution</title>
      <reference>http://secunia.com/advisories/50875/</reference>
@@ -259,6 +264,11 @@
  </plugin>

  <plugin name="asset-manager">
+    <vulnerability>
+      <title>Asset Manager 0.2 Arbitrary File Upload</title>
+      <reference>http://www.exploit-db.com/exploits/18993/</reference>
+      <type>UPLOAD</type>
+    </vulnerability>
    <vulnerability>
      <title>WordPress plugin Asset manager upload.php Arbitrary Code Execution</title>
      <reference>http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/</reference>
@@ -835,12 +845,18 @@ File Upload Vulnerability</title>
  </plugin>

  <plugin name="contus-hd-flv-player">
+    <vulnerability>
+      <title>Contus HD FLV Player plugin &lt;= 1.3 SQL Injection Vulnerability</title>
+      <reference>http://www.exploit-db.com/exploits/17678/</reference>
+      <type>SQLI</type>
+    </vulnerability>
    <vulnerability>
      <title>Contus HD FLV Player 1.7 Arbitrary
 File Upload Vulnerability</title>
      <reference>http://packetstormsecurity.org/files/113570/</reference>
      <type>UPLOAD</type>
    </vulnerability>
+
  </plugin>

  <plugin name="user-meta">
@@ -878,6 +894,11 @@ File Upload Vulnerability</title>
      <reference>http://www.exploit-db.com/exploits/19055/</reference>
      <type>UPLOAD</type>
    </vulnerability>
+    <vulnerability>
+      <title>PICA Photo Gallery 1.0 Remote File Disclosure</title>
+      <reference>http://www.exploit-db.com/exploits/19016/</reference>
+      <type>UNKNOWN</type>
+    </vulnerability>
  </plugin>

  <plugin name="mac-dock-gallery">
@@ -954,14 +975,6 @@ File Upload Vulnerability</title>
    </vulnerability>
  </plugin>

-  <plugin name="pica-photo-gallery">
-    <vulnerability>
-      <title>PICA Photo Gallery 1.0 Remote File Disclosure</title>
-      <reference>http://www.exploit-db.com/exploits/19016/</reference>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </plugin>
-
  <plugin name="plugin-newsletter">
    <vulnerability>
      <title>Plugin: Newsletter 1.5 Remote File Disclosure Vulnerability</title>
@@ -1076,14 +1089,6 @@ File Upload Vulnerability</title>
    </vulnerability>
  </plugin>

-  <plugin name="asset-manager">
-    <vulnerability>
-      <title>Asset Manager 0.2 Arbitrary File Upload</title>
-      <reference>http://www.exploit-db.com/exploits/18993/</reference>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
  <plugin name="track-that-stat">
    <vulnerability>
      <title>Track That Stat &lt;= 1.0.8 Cross Site Scripting</title>
@@ -1630,14 +1635,6 @@ File Upload Vulnerability</title>
    </vulnerability>
  </plugin>

-  <plugin name="ungallery">
-    <vulnerability>
-      <title>UnGallery plugin &lt;= 1.5.8 Local File Disclosure Vulnerability</title>
-      <reference>http://www.exploit-db.com/exploits/17704/</reference>
-      <type>LFI</type>
-    </vulnerability>
-  </plugin>
-
  <plugin name="wp-menu-creator">
    <vulnerability>
      <title>Menu Creator plugin &lt;= 1.1.7 SQL Injection Vulnerability</title>
@@ -1707,14 +1704,6 @@ File Upload Vulnerability</title>
    </vulnerability>
  </plugin>

-  <plugin name="contus-hd-flv-player">
-    <vulnerability>
-      <title>Contus HD FLV Player plugin &lt;= 1.3 SQL Injection Vulnerability</title>
-      <reference>http://www.exploit-db.com/exploits/17678/</reference>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
  <plugin name="file-groups">
    <vulnerability>
      <title>File Groups plugin &lt;= 1.1.2 SQL Injection Vulnerability</title>
--- a/data/vuln.xsd
+++ b/data/vuln.xsd
@@ -76,6 +76,18 @@
        <xs:element name="wordpress" type="wordpresstype" maxOccurs="unbounded" minOccurs="0"/>
      </xs:sequence>
    </xs:complexType>
+    <xs:unique name="uniquePlugin">
+      <xs:selector xpath="plugin"/>
+      <xs:field xpath="@name"/>
+    </xs:unique>
+    <xs:unique name="uniqueTheme">
+      <xs:selector xpath="theme"/>
+      <xs:field xpath="@name"/>
+    </xs:unique>
+    <xs:unique name="uniqueWordpress">
+      <xs:selector xpath="wordpress"/>
+      <xs:field xpath="@name"/>
+    </xs:unique>
  </xs:element>