garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adds YT references and CVSS to output

Browse Source
This commit is contained in:
erwanlr
2020-04-15 17:02:41 +02:00
parent e606f4ce18
commit f146ee7e9f
12 changed files with 46 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/models/timthumb.rb
View File

@@ -40,9 +40,9 @@ module WPScan
def rce_132_vuln def rce_132_vuln
Vulnerability.new( Vulnerability.new(
'Timthumb <= 1.32 Remote Code Execution', 'Timthumb <= 1.32 Remote Code Execution',
{ exploitdb: ['17602'] }, references: { exploitdb: ['17602'] },
'RCE', type: 'RCE',
'1.33' fixed_in: '1.33'
) )
end end
@@ -50,12 +50,12 @@ module WPScan
def rce_webshot_vuln def rce_webshot_vuln
Vulnerability.new( Vulnerability.new(
'Timthumb <= 2.8.13 WebShot Remote Code Execution', 'Timthumb <= 2.8.13 WebShot Remote Code Execution',
{ references: {
url: ['http://seclists.org/fulldisclosure/2014/Jun/117', 'https://github.com/wpscanteam/wpscan/issues/519'], url: ['http://seclists.org/fulldisclosure/2014/Jun/117', 'https://github.com/wpscanteam/wpscan/issues/519'],
cve: '2014-4663' cve: '2014-4663'
}, },
'RCE', type: 'RCE',
'2.8.14' fixed_in: '2.8.14'
) )
end end

3
app/views/cli/vulnerability.erb
View File

@@ -1,4 +1,7 @@
| <%= critical_icon %> Title: <%= @v.title %> | <%= critical_icon %> Title: <%= @v.title %>
<% if @v.cvss -%>
| CVSS: <%= @v.cvss[:score] %> (<%= @v.cvss[:vector] %>)
<% end -%>
<% if @v.fixed_in -%> <% if @v.fixed_in -%>
| Fixed in: <%= @v.fixed_in %> | Fixed in: <%= @v.fixed_in %>
<% end -%> <% end -%>

3
app/views/json/finding.erb
View File

@@ -19,6 +19,9 @@
<% vulns.each_with_index do |v, index| -%> <% vulns.each_with_index do |v, index| -%>
{ {
"title": <%= v.title.to_json %>, "title": <%= v.title.to_json %>,
<% if v.cvss -%>
"cvss": <%= v.cvss.to_json %>,
<% end -%>
"fixed_in": <%= v.fixed_in.to_json %>, "fixed_in": <%= v.fixed_in.to_json %>,
"references": <%= v.references.to_json %> "references": <%= v.references.to_json %>
}<% unless index == last_index -%>,<% end -%> }<% unless index == last_index -%>,<% end -%>

31
lib/wpscan/references.rb
View File

@@ -2,9 +2,7 @@
module WPScan module WPScan
# References module (which should be included along with the CMSScanner::References) # References module (which should be included along with the CMSScanner::References)
# to allow the use of the wpvulndb and youtube references. # to allow the use of the wpvulndb reference.
# Notes: The youtube references are not handled the same way all the others, especialy in the JSON output
# as we output the full URL and not just the ID. Hence the override of the references= method
module References module References
extend ActiveSupport::Concern extend ActiveSupport::Concern
@@ -12,27 +10,12 @@ module WPScan
module ClassMethods module ClassMethods
# @return [ Array<Symbol> ] # @return [ Array<Symbol> ]
def references_keys def references_keys
@references_keys ||= super << :wpvulndb << :youtube @references_keys ||= super << :wpvulndb
end
end
# @param [ Hash ] refs
def references=(refs)
@references = {}
self.class.references_keys.each do |key|
next unless refs.key?(key)
@references[key] = if key == :youtube
[*refs[:youtube]].map { |id| youtube_url(id) }
else
[*refs[key]].map(&:to_s)
end
end end
end end
def references_urls def references_urls
wpvulndb_urls + super + youtube_urls wpvulndb_urls + super
end end
def wpvulndb_ids def wpvulndb_ids
@@ -46,13 +29,5 @@ module WPScan
def wpvulndb_url(id) def wpvulndb_url(id)
"https://wpvulndb.com/vulnerabilities/#{id}" "https://wpvulndb.com/vulnerabilities/#{id}"
end end
def youtube_urls
references[:youtube] || []
end
def youtube_url(id)
"https://www.youtube.com/watch?v=#{id}"
end
end end
end end

9
lib/wpscan/vulnerability.rb
View File

@@ -16,11 +16,14 @@ module WPScan
end end
end end
cvss = { score: json_data['cvss_risk_score'], vector: json_data['cvss_vector'] } if json_data['cvss_risk_score']
new( new(
json_data['title'], json_data['title'],
references, references: references,
json_data['vuln_type'], type: json_data['vuln_type'],
json_data['fixed_in'] fixed_in: json_data['fixed_in'],
cvss: cvss
) )
end end
end end

8
spec/app/models/plugin_spec.rb
View File

@@ -202,11 +202,11 @@ describe WPScan::Model::Plugin do
[ [
WPScan::Vulnerability.new( WPScan::Vulnerability.new(
'First Vuln <= 6.3.10 - LFI', 'First Vuln <= 6.3.10 - LFI',
{ wpvulndb: '1' }, references: { wpvulndb: '1' },
'LFI', type: 'LFI',
'6.3.10' fixed_in: '6.3.10'
), ),
WPScan::Vulnerability.new('No Fixed In', wpvulndb: '2') WPScan::Vulnerability.new('No Fixed In', references: { wpvulndb: '2' })
] ]
end end

8
spec/app/models/theme_spec.rb
View File

@@ -224,11 +224,11 @@ describe WPScan::Model::Theme do
[ [
WPScan::Vulnerability.new( WPScan::Vulnerability.new(
'First Vuln', 'First Vuln',
{ wpvulndb: '1' }, references: { wpvulndb: '1' },
'LFI', type: 'LFI',
'6.3.10' fixed_in: '6.3.10'
), ),
WPScan::Vulnerability.new('No Fixed In', wpvulndb: '2') WPScan::Vulnerability.new('No Fixed In', references: { wpvulndb: '2' })
] ]
end end

32
spec/app/models/wp_version_spec.rb
View File

@@ -55,31 +55,15 @@ describe WPScan::Model::WpVersion do
expect(version).to be_vulnerable expect(version).to be_vulnerable
end end
let(:all_vulns) do
[
WPScan::Vulnerability.new(
'WP 3.8.1 - Vuln 1',
{ wpvulndb: '1' },
'SQLI'
),
WPScan::Vulnerability.new(
'WP 3.8.1 - Vuln 2',
{ url: %w[url-2 url-3], osvdb: %w[10], cve: %w[2014-0166], wpvulndb: '2' },
nil,
'3.8.2'
)
]
end
context 'when a signle vuln' do context 'when a signle vuln' do
let(:number) { '3.8.1' } let(:number) { '3.8' }
let(:db_data) { vuln_api_data_for('wordpresses/38') } let(:db_data) { vuln_api_data_for('wordpresses/38') }
it 'returns the expected result' do it 'returns the expected result' do
@expected = [WPScan::Vulnerability.new( @expected = [WPScan::Vulnerability.new(
'WP 3.8 - Vuln 1', 'WP 3.8 - Vuln 1',
{ url: %w[url-4], wpvulndb: '3' }, references: { url: %w[url-4], wpvulndb: '3' },
'AUTHBYPASS' type: 'AUTHBYPASS'
)] )]
end end
end end
@@ -92,14 +76,14 @@ describe WPScan::Model::WpVersion do
@expected = [ @expected = [
WPScan::Vulnerability.new( WPScan::Vulnerability.new(
'WP 3.8.1 - Vuln 1', 'WP 3.8.1 - Vuln 1',
{ wpvulndb: '1' }, references: { wpvulndb: '1' },
'SQLI' type: 'SQLI',
cvss: { score: '5.4', vector: 'VECTOR' }
), ),
WPScan::Vulnerability.new( WPScan::Vulnerability.new(
'WP 3.8.1 - Vuln 2', 'WP 3.8.1 - Vuln 2',
{ url: %w[url-2 url-3], cve: %w[2014-0166], wpvulndb: '2' }, references: { url: %w[url-2 url-3], cve: %w[2014-0166], wpvulndb: '2' },
nil, fixed_in: '3.8.2'
'3.8.2'
) )
] ]
end end

4
spec/fixtures/db/vuln_api/wordpresses/381.json vendored
View File

@@ -9,7 +9,9 @@
"id" : 1, "id" : 1,
"vuln_type" : "SQLI", "vuln_type" : "SQLI",
"published_date" : null, "published_date" : null,
"fixed_in" : null "fixed_in" : null,
"cvss_risk_score": "5.4",
"cvss_vector": "VECTOR"
}, },
{ {
"references" : { "references" : {

2
spec/lib/vulnerability_spec.rb
View File

@@ -1,7 +1,7 @@
# frozen_string_literal: true # frozen_string_literal: true
describe WPScan::Vulnerability do describe WPScan::Vulnerability do
subject(:vuln) { described_class.new(title, references) } subject(:vuln) { described_class.new(title, references: references) }
let(:title) { 'Test Vuln' } let(:title) { 'Test Vuln' }
let(:references) { {} } let(:references) { {} }

1
spec/output/wp_version/with_vulns.cli_no_colour
View File

@@ -4,6 +4,7 @@
| [!] 2 vulnerabilities identified: | [!] 2 vulnerabilities identified:
| |
| [!] Title: WP 3.8.1 - Vuln 1 | [!] Title: WP 3.8.1 - Vuln 1
| CVSS: 5.4 (VECTOR)
| Reference: https://wpvulndb.com/vulnerabilities/1 | Reference: https://wpvulndb.com/vulnerabilities/1
| |
| [!] Title: WP 3.8.1 - Vuln 2 | [!] Title: WP 3.8.1 - Vuln 2

4
spec/output/wp_version/with_vulns.json
View File

@@ -14,6 +14,10 @@
"vulnerabilities": [ "vulnerabilities": [
{ {
"title": "WP 3.8.1 - Vuln 1", "title": "WP 3.8.1 - Vuln 1",
"cvss": {
"score": "5.4",
"vector": "VECTOR"
},
"fixed_in": null, "fixed_in": null,
"references": { "references": {
"wpvulndb": [ "wpvulndb": [