dradis-ntospider 4.2.0 → 4.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (22) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +4 -0
  3. data/.rspec +2 -0
  4. data/CHANGELOG.md +3 -0
  5. data/README.md +5 -0
  6. data/dradis-ntospider.gemspec +5 -2
  7. data/lib/dradis/plugins/ntospider/field_processor.rb +5 -1
  8. data/lib/dradis/plugins/ntospider/gem_version.rb +1 -1
  9. data/lib/dradis/plugins/ntospider/importer.rb +10 -7
  10. data/lib/dradis-ntospider.rb +1 -0
  11. data/lib/ntospider/attack.rb +75 -0
  12. data/lib/ntospider/vuln.rb +24 -9
  13. data/spec/fixtures/files/VulnerabilitiesSummary.xml +484 -379
  14. data/spec/ntospider_import_spec.rb +87 -0
  15. data/spec/spec_helper.rb +10 -0
  16. data/templates/evidence.fields +13 -4
  17. data/templates/evidence.sample +28 -198
  18. data/templates/evidence.template +11 -8
  19. data/templates/vuln.fields +14 -0
  20. data/templates/vuln.sample +134 -197
  21. data/templates/vuln.template +3 -3
  22. metadata +58 -10
data/templates/vuln.sample CHANGED
@@ -1,200 +1,137 @@
1
1
  <Vuln>
2
- <DbId>7B9CAABF300A49688F4D30FA423EDFB8</DbId>
3
- <ParentDbId>00000000000000000000000000000000</ParentDbId>
4
- <ScanName>hackthissite</ScanName>
5
- <WebSite>http://www.hackthissite.org:80</WebSite>
6
- <VulnType>Reflected Cross-site scripting (XSS)</VulnType>
7
- <VulnUrl>http://www.hackthissite.org/</VulnUrl>
8
- <NormalizedUrl>http://www.hackthissite.org/?</NormalizedUrl>
9
- <MatchedString></MatchedString>
10
- <NormalizedPostParams></NormalizedPostParams>
11
- <VulnParam>Unnamed</VulnParam>
12
- <ParameterName>Unnamed</ParameterName>
13
- <HtmlEntityAttacked>Query-Parameters</HtmlEntityAttacked>
14
- <AttackType>javascript after single quote</AttackType>
15
- <AttackScore>3-Medium</AttackScore>
16
- <AttackValue>';alert('x9lj3cup');//</AttackValue>
17
- <Method>GET</Method>
18
- <RootCauseId>9AEE038BB3477FE5A178FBA57C93FC76</RootCauseId>
19
- <Description><![CDATA[<p>Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn't load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.</p>]]></Description>
20
- <Recommendation><![CDATA[
2
+ <DbId>12F3E8EB183249F6B99039D2E0F6AB1B</DbId>
3
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
4
+ <ScanName>Example</ScanName>
5
+ <WebSite>https://test.t.example.com:443</WebSite>
6
+ <WebSiteIP>10.11.10.8</WebSiteIP>
7
+ <VulnType>Privilege Escalation</VulnType>
8
+ <VulnUrl>https://test.t.example.com/en/help</VulnUrl>
9
+ <NormalizedUrl>https://test.t.example.com/en/help</NormalizedUrl>
10
+ <MatchedString>OK</MatchedString>
11
+ <NormalizedPostParams></NormalizedPostParams>
12
+ <VulnParam></VulnParam>
13
+ <ParameterName>N/A</ParameterName>
14
+ <HtmlEntityAttacked>URL</HtmlEntityAttacked>
15
+ <ModuleId>433C43A54C714F08B822B7932D410A78</ModuleId>
16
+ <AttackType>Privilege Escalation</AttackType>
17
+ <AttackScore>2-Low</AttackScore>
18
+ <AttackValue>N/A</AttackValue>
19
+ <OriginalValue>N/A</OriginalValue>
20
+ <Method>N/A</Method>
21
+ <RootCauseId>27E938574D526F62DE4FD063F81159FF</RootCauseId>
22
+ <LuxorRootCauseId>9B1FF1FBC10827468899ACDF4EDF865E</LuxorRootCauseId>
23
+ <FindingDbId>9CFD9BA94ADD4E5C9715277A37F7822C</FindingDbId>
24
+ <Description>
25
+ <![CDATA[<p>Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed,
26
+ and such elevation/changes should have been prevented by the application. This is usually caused by a flaw in the application.
27
+ The result is that the application performs actions with more privileges than those intended by the developer or system administrator</p>]]></Description>
28
+ <Recommendation>
29
+ <![CDATA[<p>The most important step is to think through an application’s access control requirements and capture it in a web application security policy.
30
+ We strongly recommend the use of an access control matrix to define the access control rules. Without documenting the security policy,
31
+ there is no definition of what it means to be secure for that site. The policy should document what types of users can access the system,
32
+ and what functions and content each of these types of users should be allowed to access. The access control mechanism should be extensively
33
+ tested to be sure that there is no way to bypass it. This testing requires a variety of accounts and extensive attempts to access unauthorized
34
+ content or functions.
21
35
 
22
- <p>Reflected XSS attacks are also known as type 1 or non-persistent XSS attacks, and are the most frequent type of XSS attacks found nowadays.</p>
23
-
24
- <p>When a web application is vulnerable to this type of attack, it will pass unvalidated input sent through requests to the client. The common modus operandi of the attack includes a design step, in which the attacker creates and tests an offending URI, a social engineering step, in which she convinces her victims to load this URI on their browsers, and the eventual execution of the offending code - using the victim's credentials.</p>
25
-
26
- <p>Commonly the attacker's code is written in the Javascript language, but other scripting languages are also used, e.g., ActionScript and VBScript.</p>
27
-
28
- <p>Attackers typically leverage these vulnerabilities to install key loggers, steal victim cookies, perform clipboard theft, and change the content of the page (e.g., download links).</p>
29
-
30
- <p>One of the important matters about exploiting XSS vulnerabilities is character encoding. In some cases, the web server or the web application may not be filtering some encodings of characters, so, for example, the web application might filter out "&lt;script&gt;", but might not filter "%3Cscript%3E" which simply includes another encoding of tags. A nice tool for testing character encodings is OWASP's CAL9000. </p>]]></Recommendation>
31
- <Page>http://www.hackthissite.org/</Page>
32
- <Url>http://www.hackthissite.org/</Url>
33
- <VulnParamType>unknown</VulnParamType>
34
- <CrawlTrafficTemplate>R0VUIC8/eGh5azJhanEtcHQgSFRUUC8xLjENCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtQ2hhcnNldDogKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoY29tcGF0aWJsZTsgTVNJRSA5LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC81LjApDQpIb3N0OiB3d3cuaGFja3RoaXNzaXRlLm9yZw0KQ29va2llOiBfX3V0bWE9MTk4NDAyODcwLjYwNzMyMTI4MC4xNDEzMjYwOTIzLjE0MTMyNjA5MjMuMTQxMzI2MDkyMy4xOyBfX3V0bXo9MTk4NDAyODcwLjE0MTMyNjA5MjMuMS4xLnV0bWNzcj0oZGlyZWN0KXx1dG1jY249KGRpcmVjdCl8dXRtY21kPShub25lKTsgYWRzX2JtX2xhc3RfbG9hZF9zdGF0dXM9Tk9UX0JMT0NLSU5HOyBwaHBiYjNfMjhwbGFfdT0xOyBwaHBiYjNfMjhwbGFfaz07IHBocGJiM18yOHBsYV9zaWQ9OTFkOTgzOThhY2U2NzUxZjI3YTI5ZmNmYmJhMmMwOTQ7IGJtX2xhc3RfbG9hZF9zdGF0dXM9Tk9UX0JMT0NLSU5HOyBQSFBTRVNTSUQ9OWh2bmxmczUxanNqMmlpZWZtaDc0dXN0YTA7IF9fdXRtYj0xOTg0MDI4NzAuNTAwLjEwLjE0MTMyNjA5MjM7IF9fdXRtYz0xOTg0MDI4NzA7IGJtX21vbnRobHlfdW5pcXVlPXRydWU7IGJtX2RhaWx5X3VuaXF1ZT10cnVlOyBsZXZlbDEwX2F1dGhvcml6ZWQ9bm87DQoNCg==</CrawlTrafficTemplate>
35
- <AttackClass>Application Developer</AttackClass>
36
- <CweId>79</CweId>
37
- <CAPEC>80</CAPEC>
38
- <DISSA_ASC>3580</DISSA_ASC>
39
- <OWASP2007>1</OWASP2007>
40
- <OWASP2010>2</OWASP2010>
41
- <OWASP2013>3</OWASP2013>
42
- <OVAL>6312</OVAL>
43
- <WASC>0</WASC>
44
- <ScanDate>2014-10-14 07:26:14</ScanDate>
45
- <ScanEnd>2014-10-15 01:59:37</ScanEnd>
46
- <DefenseBL>
47
- <DbId>E00DA69EEFFE4556A2EA833A05174698</DbId>
48
- <ParentDbId>7B9CAABF300A49688F4D30FA423EDFB8</ParentDbId>
49
- <PcreRegex></PcreRegex>
50
- <ModSecurity></ModSecurity>
51
- <Snort></Snort>
52
- <Imperva>cross-site-scripting</Imperva>
53
- </DefenseBL>
54
- <DefenseWL>
55
- <DbId>ED59621943E9405B98ED9C3642011DBB</DbId>
56
- <ParentDbId>7B9CAABF300A49688F4D30FA423EDFB8</ParentDbId>
57
- <PcreRegex></PcreRegex>
58
- <ModSecurity></ModSecurity>
59
- <Snort></Snort>
60
- <Imperva></Imperva>
61
- </DefenseWL>
62
- <AttackList>
63
- <Attack>
64
- <DbId>0FBEDA330DDC427CB8EFB550E5170614</DbId>
65
- <ParentDbId>00000000000000000000000000000000</ParentDbId>
66
- <AttackValue>'-alert(6759001)-'</AttackValue>
67
- <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
68
- <AttackPostParams></AttackPostParams>
69
- <AttackMatchedString>6759001</AttackMatchedString>
70
- <AttackRequestList>
71
- <AttackRequest>
72
- <DbId>E70A833E09944518999100DD31DCDEDF</DbId>
73
- <ParentDbId>00000000000000000000000000000000</ParentDbId>
74
- <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
75
- <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
76
- <Benign>0</Benign>
77
- </AttackRequest>
78
- </AttackRequestList>
79
- </Attack>
80
- <Attack>
81
- <DbId>6B29EBB4F4094201B6541769C9D3BCFB</DbId>
82
- <ParentDbId>00000000000000000000000000000000</ParentDbId>
83
- <AttackValue>';alert('xhsysg0a');//</AttackValue>
84
- <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
85
- <AttackPostParams></AttackPostParams>
86
- <AttackMatchedString>xhsysg0a</AttackMatchedString>
87
- <AttackRequestList>
88
- <AttackRequest>
89
- <DbId>245EEA880FA748298BFDD11D286A2AA8</DbId>
90
- <ParentDbId>00000000000000000000000000000000</ParentDbId>
91
- <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
92
- <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
93
- <Benign>0</Benign>
94
- </AttackRequest>
95
- </AttackRequestList>
96
- </Attack>
97
- <Attack>
98
- <DbId>208D71F46FC84F7A97A51A9D204936E8</DbId>
99
- <ParentDbId>00000000000000000000000000000000</ParentDbId>
100
- <AttackValue>'+alert(14357991)+'</AttackValue>
101
- <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
102
- <AttackPostParams></AttackPostParams>
103
- <AttackMatchedString>14357991</AttackMatchedString>
104
- <AttackRequestList>
105
- <AttackRequest>
106
- <DbId>656C78FC2C5A4E8E88805D70E85C03BB</DbId>
107
- <ParentDbId>00000000000000000000000000000000</ParentDbId>
108
- <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
109
- <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
110
- <Benign>0</Benign>
111
- </AttackRequest>
112
- </AttackRequestList>
113
- </Attack>
114
- <Attack>
115
- <DbId>FF2039A5A33D4167B1BD5F10DBD78989</DbId>
116
- <ParentDbId>00000000000000000000000000000000</ParentDbId>
117
- <AttackValue><![CDATA[xhyk2ajq-pt"><script>alert(15009454)</script>]]></AttackValue>
118
- <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
119
- <AttackPostParams></AttackPostParams>
120
- <AttackMatchedString>15009454</AttackMatchedString>
121
- <AttackRequestList>
122
- <AttackRequest>
123
- <DbId>81362DB814024D8899B83D4A4FF7DE3A</DbId>
124
- <ParentDbId>00000000000000000000000000000000</ParentDbId>
125
- <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
126
- <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
127
- <Benign>0</Benign>
128
- </AttackRequest>
129
- </AttackRequestList>
130
- </Attack>
131
- <Attack>
132
- <DbId>96A0331A38FF47AFA13C547518721E08</DbId>
133
- <ParentDbId>00000000000000000000000000000000</ParentDbId>
134
- <AttackValue><![CDATA[<img """><script>alert("x9khdxei")</script>">]]></AttackValue>
135
- <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
136
- <AttackPostParams></AttackPostParams>
137
- <AttackMatchedString>x9khdxei</AttackMatchedString>
138
- <AttackRequestList>
139
- <AttackRequest>
140
- <DbId>49A7844AA3884CE19078E68B4F12E04B</DbId>
141
- <ParentDbId>00000000000000000000000000000000</ParentDbId>
142
- <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
143
- <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
144
- <Benign>0</Benign>
145
- </AttackRequest>
146
- </AttackRequestList>
147
- </Attack>
148
- <Attack>
149
- <DbId>23E5FDE97F5E42628FC74477F8513B8D</DbId>
150
- <ParentDbId>00000000000000000000000000000000</ParentDbId>
151
- <AttackValue>');alert('x9krdis7');//</AttackValue>
152
- <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
153
- <AttackPostParams></AttackPostParams>
154
- <AttackMatchedString>x9krdis7</AttackMatchedString>
155
- <AttackRequestList>
156
- <AttackRequest>
157
- <DbId>E982E7BCB4F64A56AC6AC1B8C697E284</DbId>
158
- <ParentDbId>00000000000000000000000000000000</ParentDbId>
159
- <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
160
- <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
161
- <Benign>0</Benign>
162
- </AttackRequest>
163
- </AttackRequestList>
164
- </Attack>
165
- <Attack>
166
- <DbId>B87C5202F4A74BEBA06936F6BD186076</DbId>
167
- <ParentDbId>00000000000000000000000000000000</ParentDbId>
168
- <AttackValue>'-alert(15189768)-'</AttackValue>
169
- <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
170
- <AttackPostParams></AttackPostParams>
171
- <AttackMatchedString>15189768</AttackMatchedString>
172
- <AttackRequestList>
173
- <AttackRequest>
174
- <DbId>E3F212EBD7134B958D3EB7D4369FE1A9</DbId>
175
- <ParentDbId>00000000000000000000000000000000</ParentDbId>
176
- <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
177
- <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
178
- <Benign>0</Benign>
179
- </AttackRequest>
180
- </AttackRequestList>
181
- </Attack>
182
- <Attack>
183
- <DbId>ED858AB85A2C46C9953BA5E86C412BEE</DbId>
184
- <ParentDbId>00000000000000000000000000000000</ParentDbId>
185
- <AttackValue>';alert('x9lj3cup');//</AttackValue>
186
- <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
187
- <AttackPostParams></AttackPostParams>
188
- <AttackMatchedString>x9lj3cup</AttackMatchedString>
189
- <AttackRequestList>
190
- <AttackRequest>
191
- <DbId>2F292FE91CD64B86B98B536D9BA66FE7</DbId>
192
- <ParentDbId>00000000000000000000000000000000</ParentDbId>
193
- <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
194
- <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
195
- <Benign>0</Benign>
196
- </AttackRequest>
197
- </AttackRequestList>
198
- </Attack>
199
- </AttackList>
36
+ <br/>
37
+ Forced Browsing Past Access Control Checks – many sites require users to pass certain checks before being granted access to certain URLs
38
+ that are typically ‘deeper’ down in the site. These checks must not be bypassable by a user that simply skips over the page with the security check</p>]]></Recommendation>
39
+ <Page>https://test.t.example.com/en/help</Page>
40
+ <Url>https://test.t.example.com/en/help</Url>
41
+ <VulnParamType>unknown</VulnParamType>
42
+ <CrawlTraffic>R0VUIC9lbi9oZWxwP3N1YmplY3Q.....MGNiOTEwDQoNCg==</CrawlTraffic>
43
+ <CrawlTrafficTemplate>R0VUIC9lbi9oZWxwP3N1YmplY3.....GNiOTEwDQoNCg==</CrawlTrafficTemplate>
44
+ <CrawlTrafficResponse>SFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250.....aXB0PgoKPC9ib2R5Pgo8L2h0bWw+Cg==</CrawlTrafficResponse>
45
+ <AttackClass>Application Developer</AttackClass>
46
+ <CweId>264</CweId>
47
+ <CAPEC>0</CAPEC>
48
+ <DISSA_ASC>3500</DISSA_ASC>
49
+ <OWASP2007>7</OWASP2007>
50
+ <OWASP2010>3</OWASP2010>
51
+ <OWASP2013>2</OWASP2013>
52
+ <OWASP2017>2</OWASP2017>
53
+ <OVAL>0</OVAL>
54
+ <WASC>0</WASC>
55
+ <ScanDate>2018-03-19 16:30:53</ScanDate>
56
+ <ScanEnd>2018-03-19 16:48:09</ScanEnd>
57
+ <StatisticallyPrevalentOriginalResponseCode>200</StatisticallyPrevalentOriginalResponseCode>
58
+ <Confidence>Medium</Confidence>
59
+ <DefenseBL>
60
+ <DbId>F82B40D423864661A41C9F1323CAB60B</DbId>
61
+ <ParentDbId>613A47F32E334362AABEC26B51312380</ParentDbId>
62
+ <PcreRegex></PcreRegex>
63
+ <ModSecurity></ModSecurity>
64
+ <Snort></Snort>
65
+ <Imperva></Imperva>
66
+ </DefenseBL>
67
+ <DefenseWL>
68
+ <DbId>230A37C28D764DF5A1E7D1B66C154659</DbId>
69
+ <ParentDbId>613A47F32E334362AABEC26B51312380</ParentDbId>
70
+ <PcreRegex></PcreRegex>
71
+ <ModSecurity></ModSecurity>
72
+ <Snort></Snort>
73
+ <Imperva></Imperva>
74
+ </DefenseWL>
75
+ <AttackList>
76
+ <Attack>
77
+ <DbId>F3CE345BAF3442B48B2668809722032D</DbId>
78
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
79
+ <AttackId>PE_01</AttackId>
80
+ <AttackValue></AttackValue>
81
+ <AttackVulnUrl>https://test.t.example.com/en/help</AttackVulnUrl>
82
+ <AttackPostParams></AttackPostParams>
83
+ <AttackMatchedString>OK</AttackMatchedString>
84
+ <AttackDescription>Server allowed access to the resource without valid session</AttackDescription>
85
+ <AttackConfigDescription>Privilege Escalation</AttackConfigDescription>
86
+ <AttackUserNotes></AttackUserNotes>
87
+ <OriginalValue></OriginalValue>
88
+ <OriginalResponseCode>200</OriginalResponseCode>
89
+ <AttackRequestList>
90
+ <AttackRequest>
91
+ <DbId>0D9D750204F742E3B0FC513BFA1EABC9</DbId>
92
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
93
+ <Request>R0VUIC9lbi9oZWxwP3N1.....mlvDQoNCg==</Request>
94
+ <Response>SFRUUC8xLjEgMjAwIE9LDQpDYWNoZ.....ib2R5Pgo8L2h0bWw+Cg==</Response>
95
+ <Benign>0</Benign>
96
+ </AttackRequest>
97
+ <AttackRequest>
98
+ <DbId>D12FBA19C7AD4279A0D698D14D6480BE</DbId>
99
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
100
+ <Request>R0VUIC9lbi9oZWxwIEhUVFA.....N0LnQuZ2FiLmlvL2VuLw0KDQo=</Request>
101
+ <Response>SFRUUC8xLjEgMjAwIE9LDQpD.....PC9ib2R5Pgo8L2h0bWw+Cg==</Response>
102
+ <Benign>0</Benign>
103
+ </AttackRequest>
104
+ </AttackRequestList>
105
+ </Attack>
106
+ <Attack>
107
+ <DbId>24E4628D02CB4EF88C6DD5A4CC3A9649</DbId>
108
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
109
+ <AttackId>PE_01</AttackId>
110
+ <AttackValue></AttackValue>
111
+ <AttackVulnUrl>https://test.t.example.com/en/help</AttackVulnUrl>
112
+ <AttackPostParams></AttackPostParams>
113
+ <AttackMatchedString>OK</AttackMatchedString>
114
+ <AttackDescription>Server allowed access to the resource without valid session</AttackDescription>
115
+ <AttackConfigDescription>Privilege Escalation</AttackConfigDescription>
116
+ <AttackUserNotes></AttackUserNotes>
117
+ <OriginalValue></OriginalValue>
118
+ <OriginalResponseCode>200</OriginalResponseCode>
119
+ <AttackRequestList>
120
+ <AttackRequest>
121
+ <DbId>658B7A8BA3414DF38F98E55CF3C6A531</DbId>
122
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
123
+ <Request>R0VUIC9lbi9oZWxwP3N.....YWIuaW8NCg0K</Request>
124
+ <Response>SFRUUC8xLjEgMjAwIE9LD.....2R5Pgo8L2h0bWw+Cg==</Response>
125
+ <Benign>0</Benign>
126
+ </AttackRequest>
127
+ <AttackRequest>
128
+ <DbId>90B1D05DE89E4276A5BF156DD037773C</DbId>
129
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
130
+ <Request>R0VUIC9lbi9oZWxw.....Z2FiLmlvL2VuLw0KDQo=</Request>
131
+ <Response>SFRUUC8xLjEgMjAwI.....9ib2R5Pgo8L2h0bWw+Cg==</Response>
132
+ <Benign>0</Benign>
133
+ </AttackRequest>
134
+ </AttackRequestList>
135
+ </Attack>
136
+ </AttackList>
200
137
  </Vuln>
data/templates/vuln.template CHANGED
@@ -31,14 +31,14 @@
31
31
  #[DISSA_ASC]#
32
32
  %vuln.dissa_asc%
33
33
 
34
- #[OWASP2007]#
35
- %vuln.owasp2007%
36
-
37
34
  #[OWASP2010]#
38
35
  %vuln.owasp2010%
39
36
 
40
37
  #[OWASP2013]#
41
38
  %vuln.owasp2013%
42
39
 
40
+ #[OWASP2017]#
41
+ %vuln.owasp2017%
42
+
43
43
  #[OVAL]#
44
44
  %vuln.oval%
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dradis-ntospider
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.2.0
4
+ version: 4.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Martin
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-02-14 00:00:00.000000000 Z
11
+ date: 2022-04-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dradis-plugins
@@ -28,30 +28,72 @@ dependencies:
28
28
  name: bundler
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - "~>"
31
+ - - ">="
32
32
  - !ruby/object:Gem::Version
33
- version: '1.6'
33
+ version: '0'
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
- - - "~>"
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: byebug
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
39
53
  - !ruby/object:Gem::Version
40
- version: '1.6'
54
+ version: '0'
41
55
  - !ruby/object:Gem::Dependency
42
56
  name: rake
43
57
  requirement: !ruby/object:Gem::Requirement
44
58
  requirements:
45
- - - "~>"
59
+ - - ">="
46
60
  - !ruby/object:Gem::Version
47
- version: '10.0'
61
+ version: '0'
48
62
  type: :development
49
63
  prerelease: false
50
64
  version_requirements: !ruby/object:Gem::Requirement
51
65
  requirements:
52
- - - "~>"
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: rspec-rails
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - ">="
74
+ - !ruby/object:Gem::Version
75
+ version: '0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - ">="
81
+ - !ruby/object:Gem::Version
82
+ version: '0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: combustion
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - ">="
88
+ - !ruby/object:Gem::Version
89
+ version: '0'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - ">="
53
95
  - !ruby/object:Gem::Version
54
- version: '10.0'
96
+ version: '0'
55
97
  description: This add-on allows you to upload and parse output produced from NTOSpider
56
98
  Web Vulnerability Scanner into Dradis.
57
99
  email:
@@ -63,6 +105,7 @@ files:
63
105
  - ".github/issue_template.md"
64
106
  - ".github/pull_request_template.md"
65
107
  - ".gitignore"
108
+ - ".rspec"
66
109
  - CHANGELOG.md
67
110
  - CHANGELOG.template
68
111
  - CONTRIBUTING.md
@@ -78,9 +121,12 @@ files:
78
121
  - lib/dradis/plugins/ntospider/gem_version.rb
79
122
  - lib/dradis/plugins/ntospider/importer.rb
80
123
  - lib/dradis/plugins/ntospider/version.rb
124
+ - lib/ntospider/attack.rb
81
125
  - lib/ntospider/vuln.rb
82
126
  - lib/tasks/thorfile.rb
83
127
  - spec/fixtures/files/VulnerabilitiesSummary.xml
128
+ - spec/ntospider_import_spec.rb
129
+ - spec/spec_helper.rb
84
130
  - templates/evidence.fields
85
131
  - templates/evidence.sample
86
132
  - templates/evidence.template
@@ -112,3 +158,5 @@ specification_version: 4
112
158
  summary: NTOSpider add-on for the Dradis Framework.
113
159
  test_files:
114
160
  - spec/fixtures/files/VulnerabilitiesSummary.xml
161
+ - spec/ntospider_import_spec.rb
162
+ - spec/spec_helper.rb