JSON format proposal for a single vector item

[GoogleCodeExporter]

We need a JSON based format ton store the single vectors including
category, tags, default payload and other meta information.

Here's a first proposal:

{id:'',type:'',name:'',browsers:{'':[],'':[]},payload:{'':'','':''},tags:[]}

Example usage:

{id:1, type:2, name:'XSS via onscroll',
browsers:{'FF':['3.5','3.6'],'GC':['4','5']},payload:{'position_a_and_c':'alert(
1)'},tags:['xss',
'html5', 'ff', 'gc']}

This enables users to use own files specifying payload assigned to a vector
by its id - while we provide a default version. People can so create
scanners based on the JSON file and fill it with own custom stuff and
overwrite anything they need.

Suggestions welcome!

Original issue reported on code.google.com by Mario.He...@googlemail.com on 26 Apr 2010 at 12:44

[GoogleCodeExporter]

Example form the project homepage:

{{{
<form id="test"></form><button form="test" formaction="javascript:alert(1)">X

{
   id:1, 
   type:2, 
   name:'XSS via onscroll',
   data: '<form id="test" /><button form="test" formaction="%pos_1%">X',
   description: 'A small vector displaying the HTML5 form and formac ... the
supported browsers.',
   browsers:{'Opera':['10.5']},
   payload:{'pos_1':'javascript:alert(1)'},
   tags:['xss', 'html5', 'ff', 'gc']
}
}}}

Original comment by Mario.He...@googlemail.com on 26 Apr 2010 at 2:16

[GoogleCodeExporter]

Original comment by Mario.He...@googlemail.com on 1 May 2010 at 2:33

• Added labels: Type-Defect
• Removed labels: Type-Enhancement

[GoogleCodeExporter]

Original comment by Mario.He...@googlemail.com on 1 May 2010 at 2:34

• Changed state: Fixed