full names and working tagging for packetstorm script

e-m-b-a / emba

EMBA - The firmware security analyzer

https://www.securefirmware.de

GNU General Public License v3.0

2.62k stars 229 forks source link

full names and working tagging for packetstorm script #1061

Closed HoxhaEndri closed 6 months ago

HoxhaEndri commented 7 months ago

What kind of change does this PR introduce? (Bug fix, feature, docs update, ...) The names of the cves are now full and consistent. The tags should also be consistent now. Tested with the first 50 pages.
What is the current behavior? (You can also link to an open issue here)
What is the new behavior (if this is a feature change)? If possible add a screenshot.
Does this PR introduce a breaking change? (What changes might users need to make in their application due to this PR?)
Other information:

m-1-k-3 commented 7 months ago

Please add your name to the Authors

m-1-k-3 commented 7 months ago

looks as it gets out of sync:

[*] Generating list of URLs of packetstorm advisory page 1046
[+] Found PoC for CVE-2012-1664 in advisory osCmax 2.5.0 Cross Site Scripting SQL Injection / https://packetstormsecurity.com/files/111559/osCmax-2.5.0-Cross-Site-Scripting-SQL-Injection.html
[+] Found PoC for CVE-2012-1665 in advisory osCmax 2.5.0 Cross Site Scripting SQL Injection / https://packetstormsecurity.com/files/111559/osCmax-2.5.0-Cross-Site-Scripting-SQL-Injection.html
[+] Found PoC for CVE-2012-1671 in advisory phpPaleo 4.8b156 Local File Inclusion / https://packetstormsecurity.com/files/111545/phpPaleo-4.8b156-Local-File-Inclusion.html
[+] Found PoC for CVE-2012-1672 in advisory Pluck 4.7 Cross Site Request Forgery / https://packetstormsecurity.com/files/111582/Pluck-4.7-Cross-Site-Request-Forgery.html

If I go to site 1046 I can see the Pluck 4.7 CSRF entry ... but it has no CVE identifier:

HoxhaEndri commented 7 months ago

looks as it gets out of sync:

[*] Generating list of URLs of packetstorm advisory page 1046
[+] Found PoC for CVE-2012-1664 in advisory osCmax 2.5.0 Cross Site Scripting SQL Injection / https://packetstormsecurity.com/files/111559/osCmax-2.5.0-Cross-Site-Scripting-SQL-Injection.html
[+] Found PoC for CVE-2012-1665 in advisory osCmax 2.5.0 Cross Site Scripting SQL Injection / https://packetstormsecurity.com/files/111559/osCmax-2.5.0-Cross-Site-Scripting-SQL-Injection.html
[+] Found PoC for CVE-2012-1671 in advisory phpPaleo 4.8b156 Local File Inclusion / https://packetstormsecurity.com/files/111545/phpPaleo-4.8b156-Local-File-Inclusion.html
[+] Found PoC for CVE-2012-1672 in advisory Pluck 4.7 Cross Site Request Forgery / https://packetstormsecurity.com/files/111582/Pluck-4.7-Cross-Site-Request-Forgery.html

If I go to site 1046 I can see the Pluck 4.7 CSRF entry ... but it has no CVE identifier:

I will look into it

m-1-k-3 commented 6 months ago

Thank you for fixing this script!