joomscan

transform the exploit database to yaml

Open StPanning opened this issue 7 years ago • 2 comments

The exploit database is hard to maintain; moving it to YAML makes it human-readable and much easier to maintain and contribute to.

Mar 18 '18 11:03 StPanning

Hello,

It's a nice idea to change the exploit database. @rezasp, please review and suggest YAML, JSON or XML.

Regards.

Mar 18 '18 16:03 Ali-Razmjoo

XML is kind of hard to read/write. JSON is also more for machines, IMHO. YAML, on the other hand, is human-readable and more line-oriented; this makes for easier diffs and is thus easier to review. Stable libraries exist for every format.

So my argument still is: The whole file needs to be maintained and updated by humans. So my vote is for yaml :)

I've already been toying around with semi-automatic extraction of CVEs regarding Joomla. My tool is still in its very early state. (One would have to correct it manually, though. In this example my program was not able to detect that it is not the core part of Joomla, but a component.) The output looks something like this:

```yaml
- desc: XSS and SQLi in huge IT gallery v1.1.5 for Joomla
  id: CVE-2016-1000113
  refs:
  - src:
      BID:
      - entry: '92102'
        url: http://www.securityfocus.com/bid/92102
      MISC:
      - entry: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro
        url: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro
      - entry: http://www.vapidlabs.com/advisory.php?v=164
        url: http://www.vapidlabs.com/advisory.php?v=164
  vuln_part: core
  vulnerable_versions:
    from: 1.1.5
    to: ''
- desc: XSS in huge IT gallery v1.1.5 for Joomla
  id: CVE-2016-1000114
  refs:
  - src:
      BID:
      - entry: '92102'
        url: http://www.securityfocus.com/bid/92102
      MISC:
      - entry: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro
        url: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro
      - entry: http://www.vapidlabs.com/advisory.php?v=164
        url: http://www.vapidlabs.com/advisory.php?v=164
  vuln_part: core
  vulnerable_versions:
    from: 1.1.5
    to:
```

Mar 18 '18 16:03 StPanning
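
A review check for records in the YAML layout shown above, as an added example (not code from joomscan or from the commenter's tool): it lints records as `yaml.safe_load` would return them and flags the kind of entry the comment says needs manual correction. The `core`/`component` vocabulary, the description heuristic and the second sample record are assumptions made for illustration.

```python
import re

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
VERSION_RE = re.compile(r"^\d+(\.\d+)*$")
PARTS = {"core", "component"}  # assumed vocabulary; the page only shows "core"
# Heuristic: "<name> v1.1.5 for Joomla" describes an extension, not the core.
EXT_HINT = re.compile(r"\bv?\d+(\.\d+)+ for Joomla\b", re.I)

def parse_version(value, field, problems):
    """Return a tuple of ints, or None for an open bound ('' or YAML null)."""
    if value in ("", None):
        return None
    # An unquoted 3.10 is loaded by YAML as the float 3.1, so insist on strings.
    if not isinstance(value, str) or not VERSION_RE.match(value):
        problems.append(f"{field}: expected a quoted dotted version, got {value!r}")
        return None
    return tuple(int(p) for p in value.split("."))

def lint_entry(entry):
    """Return review findings for one record as parsed from the YAML file."""
    problems = []
    if not CVE_RE.match(str(entry.get("id", ""))):
        problems.append("id: not a CVE identifier")
    part = entry.get("vuln_part")
    if part not in PARTS:
        problems.append(f"vuln_part: unknown value {part!r}")
    elif part == "core" and EXT_HINT.search(str(entry.get("desc", ""))):
        problems.append("vuln_part: desc names a versioned extension, review 'core'")
    for ref in entry.get("refs", []):
        for source, items in ref.get("src", {}).items():
            for item in items:
                if not re.match(r"https?://", str(item.get("url", ""))):
                    problems.append(f"refs.{source}: url is not http(s)")
    bounds = entry.get("vulnerable_versions", {})
    low, high = (parse_version(bounds.get(k), k, problems) for k in ("from", "to"))
    if low and high and low > high:
        problems.append("vulnerable_versions: from is greater than to")
    return problems

# Constructed sample: first record above as yaml.safe_load returns it, then a broken one.
SAMPLE = [
    {"desc": "XSS and SQLi in huge IT gallery v1.1.5 for Joomla",
     "id": "CVE-2016-1000113", "vuln_part": "core",
     "refs": [{"src": {"BID": [{"url": "http://www.securityfocus.com/bid/92102"}]}}],
     "vulnerable_versions": {"from": "1.1.5", "to": ""}},
    {"desc": "constructed broken record", "id": "CVE-16-1", "vuln_part": "plugin",
     "refs": [{"src": {"MISC": [{"url": "ftp://example.invalid/x"}]}}],
     "vulnerable_versions": {"from": 3.1, "to": "3.2"}},
]
print([lint_entry(record) for record in SAMPLE])
```

Both spellings of an open upper bound on the page (`to: ''` and an empty `to:`, which loads as null) are accepted as "no upper limit".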