Adds YT references and CVSS to output

2020-04-15 17:02:41 +02:00
parent e606f4ce18
commit f146ee7e9f
12 changed files with 46 additions and 71 deletions
--- a/app/models/timthumb.rb
+++ b/app/models/timthumb.rb
@@ -40,9 +40,9 @@ module WPScan
      def rce_132_vuln
        Vulnerability.new(
          'Timthumb <= 1.32 Remote Code Execution',
-          { exploitdb: ['17602'] },
-          'RCE',
-          '1.33'
+          references: { exploitdb: ['17602'] },
+          type: 'RCE',
+          fixed_in: '1.33'
        )
      end

@@ -50,12 +50,12 @@ module WPScan
      def rce_webshot_vuln
        Vulnerability.new(
          'Timthumb <= 2.8.13 WebShot Remote Code Execution',
-          {
+          references: {
            url: ['http://seclists.org/fulldisclosure/2014/Jun/117', 'https://github.com/wpscanteam/wpscan/issues/519'],
            cve: '2014-4663'
          },
-          'RCE',
-          '2.8.14'
+          type: 'RCE',
+          fixed_in: '2.8.14'
        )
      end

--- a/app/views/cli/vulnerability.erb
+++ b/app/views/cli/vulnerability.erb
@@ -1,4 +1,7 @@
 | <%= critical_icon %> Title: <%= @v.title %>
+<% if @v.cvss -%>
+ |     CVSS: <%= @v.cvss[:score] %> (<%= @v.cvss[:vector] %>)
+<% end -%>
 <% if @v.fixed_in -%>
 |     Fixed in: <%= @v.fixed_in %>
 <% end -%>
--- a/app/views/json/finding.erb
+++ b/app/views/json/finding.erb
@@ -19,6 +19,9 @@
  <% vulns.each_with_index do |v, index| -%>
  {
    "title": <%= v.title.to_json %>,
+    <% if v.cvss -%>
+    "cvss": <%= v.cvss.to_json %>,
+    <% end -%>
    "fixed_in": <%= v.fixed_in.to_json %>,
    "references": <%= v.references.to_json %>
  }<% unless index == last_index -%>,<% end -%>