Comments (2)
Hello,
It's a nice idea to change the exploit database, @rezasp please review and suggest yaml
, json
or xml
.
Regards.
from joomscan.
xml is kind-of hard to read/write. json is also more for machines, IMHO,
yaml on the other hand is human readable and more line-oriented,
this makes easer diffs and is thus easier to review.
for every format exist stable libraries.
So my argument still is:
The whole file needs to be maintained and updated by humans.
So my vote is for yaml :)
I've been already toying around with semi-automatic extraction cve's regarding joomla.
My tool is still in it's very early state.
(One would have to correct it manually though. In this example my program was not able to detect, that it si not the core part of joomla, but component)
The output looks something like this:
- desc: XSS and SQLi in huge IT gallery v1.1.5 for Joomla
id: CVE-2016-1000113
refs:
- src:
BID:
- entry: '92102'
url: http://www.securityfocus.com/bid/92102
MISC:
- entry: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro
url: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro
- entry: http://www.vapidlabs.com/advisory.php?v=164
url: http://www.vapidlabs.com/advisory.php?v=164
vuln_part: core
vulnerable_versions:
from: 1.1.5
to: ''
- desc: XSS in huge IT gallery v1.1.5 for Joomla
id: CVE-2016-1000114
refs:
- src:
BID:
- entry: '92102'
url: http://www.securityfocus.com/bid/92102
MISC:
- entry: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro
url: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro
- entry: http://www.vapidlabs.com/advisory.php?v=164
url: http://www.vapidlabs.com/advisory.php?v=164
vuln_part: core
vulnerable_versions:
from: 1.1.5
to:
from joomscan.
Related Issues (20)
- improve code quality HOT 6
- joomscan rewrite should have higher version than initial implementation HOT 9
- Running from other directory
- Robots.txt path incorrect when Disallow is empty
- Joomscan mis-reports Joomla version HOT 1
- add proper make/install procedure
- Database
- Update command
- Bug - Target is not alive
- Joomscan does nothing on basic scan HOT 2
- not working HOT 4
- LWP module error HOT 3
- Report of components scan is incorrect HOT 1
- Amblog 1.0 - Multiple SQL Injections NOT detected.
- Many false positives when scanning a Joomla latest 3.9.16 Stable
- buggy html reports HOT 3
- joomscan.pl should be converted to Unix style line break HOT 1
- DB update HOT 2
- "The target is not alive!" message regardless of timeout HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from joomscan.