Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

transform the exploit database to yaml #26

Open
StPanning opened this issue Mar 18, 2018 · 2 comments
Open

transform the exploit database to yaml #26

StPanning opened this issue Mar 18, 2018 · 2 comments
Labels
enhancement

Comments

@StPanning
Copy link

The exploit database is hard to maintain,
moving it to yaml, makes it human readable and much easier to maintain and contribute to.
@Ali-Razmjoo
Copy link
Collaborator

Hello,

It's a nice idea to change the exploit database, @rezasp please review and suggest yaml, json or xml.

Regards.

@StPanning
Copy link
Author

StPanning commented Mar 18, 2018
edited
Loading

xml is kind-of hard to read/write. json is also more for machines, IMHO,
yaml on the other hand is human readable and more line-oriented,
this makes easer diffs and is thus easier to review.
for every format exist stable libraries.

So my argument still is:
The whole file needs to be maintained and updated by humans.
So my vote is for yaml :)

I've been already toying around with semi-automatic extraction cve's regarding joomla.
My tool is still in it's very early state.
(One would have to correct it manually though. In this example my program was not able to detect, that it si not the core part of joomla, but component)
The output looks something like this:

- desc: XSS and SQLi in huge IT gallery v1.1.5 for Joomla
  id: CVE-2016-1000113
  refs:
  - src:
      BID:
      - entry: '92102'
        url: http://www.securityfocus.com/bid/92102
      MISC:
      - entry: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro
        url: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro
      - entry: http://www.vapidlabs.com/advisory.php?v=164
        url: http://www.vapidlabs.com/advisory.php?v=164
  vuln_part: core
  vulnerable_versions:
    from: 1.1.5
    to: ''
- desc: XSS in huge IT gallery v1.1.5 for Joomla
  id: CVE-2016-1000114
  refs:
  - src:
      BID:
      - entry: '92102'
        url: http://www.securityfocus.com/bid/92102
      MISC:
      - entry: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro
        url: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro
      - entry: http://www.vapidlabs.com/advisory.php?v=164
        url: http://www.vapidlabs.com/advisory.php?v=164
  vuln_part: core
  vulnerable_versions:
    from: 1.1.5
    to:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@StPanning @Ali-Razmjoo