Hi, all! I have a proposal to add references to the KB vuln object. For example, for XSS we can add references to:

* CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
* OWASP: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

In xss.py it will look like:

-------------------------------------------
v = vuln.vuln(mutant)
v.setPluginName(self.getName())
v.setId(response.id)
v.setName('Cross site scripting vulnerability')
v.setSeverity(severity.MEDIUM)
# Proposed: attach (title, URL) references to the finding
v.addReference('OWASP', 'https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)')
v.addReference('CWE-79: Improper Neutralization of Input During Web Page Generation', 'http://cwe.mitre.org/data/definitions/79.html')
msg = 'Cross Site Scripting was found at: ' + mutant.foundAt()
msg += ' This vulnerability affects ' + ','.join(mutant.affected_browsers)
v.setDesc(msg)
v.addToHighlight(mod_value)
kb.kb.append(self, 'xss', v)
-------------------------------------------

We can then use this additional information in output plugins. What do you think about it?

--
Taras
http://oxdef.info
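
One way the proposed references could be stored on a finding and consumed by text and HTML output plugins, as an added example that is not part of the original message and not w3af code. Only the addReference name comes from the proposal; the Vuln stand-in class, getReferences, render_text, render_html and the http(s)-only URL check are assumptions made for this sketch.

```python
import html
from urllib.parse import urlsplit

class Vuln:
    """Hypothetical stand-in for the KB vuln object (reference handling only)."""
    def __init__(self, name):
        self._name = name
        self._references = []  # ordered (title, url) pairs

    def getName(self):
        return self._name

    def addReference(self, title, url):
        # Accept only absolute http(s) URLs so a generated report can never
        # link to javascript:, data: or relative targets.
        parts = urlsplit(url)
        if parts.scheme not in ('http', 'https') or not parts.netloc:
            raise ValueError('reference URL must be absolute http(s): %r' % url)
        if (title, url) not in self._references:  # ignore exact duplicates
            self._references.append((title, url))

    def getReferences(self):
        return list(self._references)  # copy, so callers cannot mutate state

def render_text(v):
    """What a console/text output plugin could print for one finding."""
    lines = [v.getName()]
    for title, url in v.getReferences():
        lines.append('  Reference: %s <%s>' % (title, url))
    return '\n'.join(lines)

def render_html(v):
    """What an HTML output plugin could emit; every value is escaped."""
    items = ''.join(
        '<li><a href="%s">%s</a></li>' % (html.escape(url), html.escape(title))
        for title, url in v.getReferences())
    return '<h3>%s</h3><ul>%s</ul>' % (html.escape(v.getName()), items)

# Constructed sample finding, using the two references from the proposal.
SAMPLE = Vuln('Cross site scripting vulnerability')
SAMPLE.addReference('OWASP',
                    'https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)')
SAMPLE.addReference(
    'CWE-79: Improper Neutralization of Input During Web Page Generation',
    'http://cwe.mitre.org/data/definitions/79.html')

if __name__ == '__main__':
    print(render_text(SAMPLE))
    print(render_html(SAMPLE))
```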