Search Exploit Modules using WPScan Vulnerability Database ID (WPVDB ID) #58
Description
Exploit modules in WordPress Exploit Framework often have a name which is similar to what is recorded in the WPScan Vulnerability Database, but not exactly the same.
Here is an example:
wordpress-exploit-framework/lib/wpxf/modules/exploit/shell/creative_contact_form_shell_upload.rb
Lines 3 to 25 in 4462106
```ruby
class Wpxf::Exploit::CreativeContactFormShellUpload < Wpxf::Module
  include Wpxf

  def initialize
    super

    update_info(
      name: 'Creative Contact Form Shell Upload',
      desc: 'This module exploits a file upload vulnerability in all versions '\
            'of the Creative Contact Form plugin prior to version 0.9.8 which '\
            'allows unauthenticated users to upload and execute PHP scripts '\
            'in the context of the web server.',
      author: [
        'Gianni Angelozzi', # Vulnerability discovery
        'rastating' # WPXF module
      ],
      references: [
        ['EDB', '35057'],
        ['WPVDB', '7652']
      ],
      date: 'Oct 22 2014'
    )
  end
```
The name in the module is `Creative Contact Form Shell Upload` whereas the name in the WPScan Vulnerability Database is `Creative Contact Form <= 0.9.7 Shell Upload`. This makes searching by name difficult...
Every vulnerability recorded in the WPScan Vulnerability Database has a unique ID. The author of the module in my example has included the ID under `references`:
```ruby
references: [
  ['EDB', '35057'],
  ['WPVDB', '7652']
],
```
So what I'm proposing is the ability to search WordPress Exploit Framework using the WPScan Vulnerability Database ID (WPVDB ID).
Searching by ID has several advantages, such as:
- IDs are immutable (they should never change) whereas a title might change, for example if a vulnerability is submitted with a typo/spelling mistake.
- If a vulnerability includes punctuation in the name such as a hyphen, it is easy for this to be reproduced incorrectly (‒, –, —, ―). There's no such ambiguity with a numeric ID.
- If in the future the WPScan Vulnerability Database decides to support multiple languages, the ID remains consistent across languages.
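A sketch of the lookup proposed above, added here as an illustration and not taken from the issue or from WPXF's code: it indexes module metadata by its `references` pairs and resolves a query such as `7652` or `WPVDB-7652` to module paths. The `MODULES` list, the function names and the accepted query spellings are assumptions; only the first entry's name and references come from the issue.

```ruby
# Constructed sample metadata. The first entry mirrors the references quoted in
# the issue; the second is a made-up placeholder (hypothetical path and IDs).
MODULES = [
  { path: 'exploit/shell/creative_contact_form_shell_upload',
    name: 'Creative Contact Form Shell Upload',
    references: [['EDB', '35057'], ['WPVDB', '7652']] },
  { path: 'auxiliary/example/placeholder_module',
    name: 'Placeholder Module',
    references: [['WPVDB', '99999999'], ['URL', 'https://example.invalid/advisory']] }
].freeze

# Normalise input such as 7652, "7652", "wpvdb:7652" or "WPVDB-7652" into a
# [TYPE, ID] key. A bare number is assumed to be a WPVDB ID. Returns nil for
# anything that is not an optional type prefix followed by digits.
def parse_reference_query(query, default_type: 'WPVDB')
  text = query.to_s.strip
  match = text.match(/\A(?:([A-Za-z]+)\s*[:\-#]?\s*)?(\d+)\z/)
  return nil unless match

  [(match[1] || default_type).upcase, match[2]]
end

# Build a { [TYPE, ID] => [module paths] } index from the references arrays.
def build_reference_index(modules)
  modules.each_with_object(Hash.new { |h, k| h[k] = [] }) do |mod, index|
    mod[:references].each do |type, id|
      index[[type.upcase, id.to_s]] << mod[:path]
    end
  end
end

# Resolve a query to module paths; unknown or malformed queries give [].
def find_by_reference(index, query)
  key = parse_reference_query(query)
  key ? index.fetch(key, []) : []
end

if __FILE__ == $PROGRAM_NAME
  index = build_reference_index(MODULES)
  ['7652', 'wpvdb:7652', 'EDB-35057',
   'Creative Contact Form <= 0.9.7 Shell Upload'].each do |query|
    puts "#{query.inspect} -> #{find_by_reference(index, query).inspect}"
  end
end
```

The database title from the issue is not a reference key, so it returns no match here, while every spelling of the ID resolves to the same module.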