Closed ethicalhack3r closed 9 years ago
Haven't worked with CWE. Are there some basic CWE's too like CWE XXXX - SQL Injection? I think finding the right entry can be a pain in the **\ :) Maybe we can automatically parse the info on the CVE pages? I think they are linking CWE numbers
Sometimes CWE is in mapped to CVE data. NVD for example does it. Sometimes it can be picked out of advisories. It makes reporting from wpscan much more official and more robust. There is "major" CWEs for well known issues. CWEs can be confusing when you look at those at the first time. We can also just use $editor to replace old "XSS" to correct CWE for example. This information is like CVEs. Sometimes you have CWE and sometimes the advisory/vulnerability is unspecified and you don't know what the real issue is.
For the record: http://nvd.nist.gov/cwe.cfm
Maybe an idea to make a link in the output which is a reference to the information page of the classified vulnerability.
We can possibly implement CWEs programatically when the vuln db goes live, shouldn't be too hard to map our classifications to CWE's.
New DBs will be in JSON format, so should be easy to add an extra JSON node for CWEs when JSON output for WPScan is implemented.
"AUTHBYPASS" => ["AUTH", "CWE-287"]
"BYPASS" => ["???", "???"]
"CSRF" => ["CSRF", "CWE-352"]
"FPD" => ["INFOLEAK","CWE-200"]
"LFI" => ["LFI","CWE-22"]
"MULTI" => ["MULTI", ""]
"RCE" => ["RCE","CWE-94"]
"REDIRECT" => ["REDIRECT", "CWE-601"]
"RFI" => ["RFI","CWE-98"]
"SQLI" => ["SQLI", "CWE-89"]
"SSRF" => ["???","???"]
"UNKNOWN" => ["UNKNOWN","???"]
"UPLOAD" => ["UPLOAD","CWE-434"]
"XSS" => ["XSS", "CWE-79"]
"XXE" => ["???","???"]
Moved this to wpvulndb issue tracker
Great. I can help you implement this if needed.
We currently classify each vuln as one of:
As @fgeek suggested on a commit comment, we could use CWE identifiers instead.
I think CWE will help us classify more accurately, however, it will also take more time to classify each new vulnerability. There looks to be thousands of different classifications?
Currently, our classifications are not used anywhere yet (as far as I'm aware), they are just "meta-data", which I think will become useful one day if we want to see "how many vulnerabilities were XSS?" kind of stats for example.