Exploit modules in WordPress Exploit Framework often have a name which is similar to what is recorded in the WPScan Vulnerability Database, but not exactly the same.
Here is an example:
```ruby
class Wpxf::Exploit::CreativeContactFormShellUpload < Wpxf::Module
  include Wpxf

  def initialize
    super

    update_info(
      name: 'Creative Contact Form Shell Upload',
      desc: 'This module exploits a file upload vulnerability in all versions '\
            'of the Creative Contact Form plugin prior to version 0.9.8 which '\
            'allows unauthenticated users to upload and execute PHP scripts '\
            'in the context of the web server.',
      author: [
        'Gianni Angelozzi', # Vulnerability discovery
        'rastating'         # WPXF module
      ],
      references: [
        ['EDB', '35057'],
        ['WPVDB', '7652']
      ],
      date: 'Oct 22 2014'
    )
  end
```
The name in the module is `Creative Contact Form Shell Upload` whereas the name in the WPScan Vulnerability Database is `Creative Contact Form <= 0.9.7 Shell Upload`. This makes searching by name difficult...
Every vulnerability recorded in the WPScan Vulnerability Database has a unique ID. The author of the module in my example has included the ID under `references`:
```ruby
references: [
  ['EDB', '35057'],
  ['WPVDB', '7652']
],
```
So what I'm proposing is the ability to search WordPress Exploit Framework using the WPScan Vulnerability Database ID (WPVDB ID).
Searching by ID has several advantages, such as:
- IDs are immutable (they should never change) whereas a title might change, for example if a vulnerability is submitted with a typo/spelling mistake.
- If a vulnerability includes punctuation in the name such as a hyphen, it is easy for this to be reproduced incorrectly (‒, –, —, ―). There's no such ambiguity with a numeric ID.
- If in the future the WPScan Vulnerability Database decides to support multiple languages, the ID remains consistent across languages.
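
An added example, not part of the original issue and not WPXF code: a plain-Ruby sketch of lookup by reference ID over module metadata shaped like the `references` array above. `ModuleInfo`, `ReferenceIndex`, the module path strings, the query syntax and the second (constructed) entry are assumptions made for illustration.

```ruby
# Added example: plain Ruby, not the WPXF API. All class and method names
# here are hypothetical.
ModuleInfo = Struct.new(:path, :name, :references)

MODULES = [
  # Name and references copied from the module quoted in this issue.
  ModuleInfo.new('exploit/shell/creative_contact_form_shell_upload',
                 'Creative Contact Form Shell Upload',
                 [%w[EDB 35057], %w[WPVDB 7652]]),
  # Constructed entry with a placeholder ID, present only to show a miss.
  ModuleInfo.new('exploit/shell/constructed_example',
                 'Constructed Example Module',
                 [%w[WPVDB 0000]])
].freeze

class ReferenceIndex
  def initialize(modules)
    @modules = modules
    @by_ref = Hash.new { |hash, k| hash[k] = [] }
    modules.each do |mod|
      mod.references.each { |type, id| @by_ref[key(type, id)] << mod }
    end
  end

  # Accepts "WPVDB:7652", "wpvdb-7652", "WPVDB 7652" or a bare "7652"
  # (a bare number is treated as a WPVDB ID). Anything else returns [].
  def find(query)
    m = query.to_s.strip.match(/\A(?:([A-Za-z]+)[\s:\-]*)?(\d+)\z/)
    return [] unless m

    @by_ref.fetch(key(m[1] || 'WPVDB', m[2]), [])
  end

  # Exact, case-insensitive title match, for comparison with ID lookup.
  def find_by_name(name)
    @modules.select { |mod| mod.name.casecmp?(name.strip) }
  end

  private

  # Reference type is case-insensitive; the ID is compared as a string.
  def key(type, id)
    [type.upcase, id.to_s]
  end
end
```

With this index, the WPScan title `Creative Contact Form <= 0.9.7 Shell Upload` finds nothing by name, while `7652` resolves to the module regardless of how the title is written.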
wordpress-exploit-framework/lib/wpxf/modules/exploit/shell/creative_contact_form_shell_upload.rb
Lines 3 to 25 in 4462106