This repository has been archived by the owner on Oct 22, 2020. It is now read-only.

Search Exploit Modules using WPScan Vulnerability Database ID (WPVDB ID) #58

Open
thecliguy opened this issue Apr 15, 2019 · 1 comment

Comments

@thecliguy

Exploit modules in WordPress Exploit Framework often have a name which is similar to what is recorded in the WPScan Vulnerability Database, but not exactly the same.

Here is an example:

class Wpxf::Exploit::CreativeContactFormShellUpload < Wpxf::Module
  include Wpxf

  def initialize
    super

    update_info(
      name: 'Creative Contact Form Shell Upload',
      desc: 'This module exploits a file upload vulnerability in all versions '\
            'of the Creative Contact Form plugin prior to version 0.9.8 which '\
            'allows unauthenticated users to upload and execute PHP scripts '\
            'in the context of the web server.',
      author: [
        'Gianni Angelozzi', # Vulnerability discovery
        'rastating'         # WPXF module
      ],
      references: [
        ['EDB', '35057'],
        ['WPVDB', '7652']
      ],
      date: 'Oct 22 2014'
    )
  end

The name in the module is Creative Contact Form Shell Upload whereas the name in the WPScan Vulnerability Database is Creative Contact Form <= 0.9.7 Shell Upload. This makes searching by name difficult...

Every vulnerability recorded in the WPScan Vulnerability Database has a unique ID. The author of the module in my example has included the ID under references:

references: [
  ['EDB', '35057'],
  ['WPVDB', '7652']
],

So what I'm proposing is the ability to search WordPress Exploit Framework using the WPScan Vulnerability Database ID (WPVDB ID).

Searching by ID has several advantages, such as:

  • IDs are immutable (they should never change) whereas a title might change, for example if a vulnerability is submitted with a typo/spelling mistake.
  • If a vulnerability includes punctuation in the name such as a hyphen, it is easy for this to be reproduced incorrectly (‒, –, —, ―). There's no such ambiguity with a numeric ID.
  • If in the future the WPScan Vulnerability Database decides to support multiple languages, the ID remains consistent across languages.
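
An added example, not part of the original issue and not WPXF's own code: a lookup over module metadata keyed by reference ID, contrasted with an exact-title match. The record layout mirrors the `update_info` hash quoted above; the function names, the accepted ID spellings and every record except the first are assumptions made for illustration.

```ruby
# Constructed metadata records shaped like the update_info hash quoted above.
# Only the first record comes from the issue; the others are placeholders.
MODULES = [
  { name: 'Creative Contact Form Shell Upload',
    references: [['EDB', '35057'], ['WPVDB', '7652']] },
  { name: 'Example Plugin Entry',                      # constructed entry
    references: [['WPVDB', '0000']] },                 # placeholder ID
  { name: 'Example Theme Entry',                       # constructed entry
    references: [['URL', 'https://example.invalid/advisory']] }
].freeze

# Build a table keyed by [source, id] so an ID search is a single hash read
# and an EDB number can never be mistaken for a WPVDB number.
def build_reference_index(modules)
  index = Hash.new { |hash, key| hash[key] = [] }
  modules.each do |mod|
    Array(mod[:references]).each do |source, value|
      index[[source.to_s.upcase, value.to_s.strip]] << mod
    end
  end
  index
end

# Accept 7652, "7652", "WPVDB-7652" or "wpvdb:7652" (hypothetical spellings);
# return nil for anything that is not purely numeric after the prefix.
def normalize_wpvdb_id(input)
  match = input.to_s.strip.match(/\A(?:wpvdb[\s:-]*)?(\d+)\z/i)
  match && match[1]
end

# ID lookup: returns every module that lists the given WPVDB ID.
def find_by_wpvdb_id(index, input)
  id = normalize_wpvdb_id(input)
  return [] unless id

  index.fetch(['WPVDB', id], [])
end

# Exact-title lookup, kept only to show why the name is a fragile key.
def find_by_name(modules, title)
  modules.select { |mod| mod[:name].casecmp?(title) }
end

INDEX = build_reference_index(MODULES)
```

With these records, the WPScan title `Creative Contact Form <= 0.9.7 Shell Upload` matches nothing by name, while the ID `7652` resolves to the module directly.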
@rastating
Owner

This is a good idea - got quite a few things that I am juggling at the moment, but I'll try to get this added soon 😃
