Commit fe3adf2

Clean CWE-IDs list to only exploit_possible=yes, eliminate need for side scrolling, add hyperlinks, and create a markdown version of the csv per issues 530 and 713.
1 parent c7a2954 commit fe3adf2

2 files changed (+39, -4 lines changed)

2 files changed

+39
-4
lines changed
Lines changed: 38 additions & 0 deletions
@@ -0,0 +1,38 @@
1+
|CWE-ID|CWE name|How could vulnerabilities containing this CWE be exploited?|Tools|
2+
|---|---|---|---|
3+
|[CWE-22](https://cwe.mitre.org/data/definitions/22.html)|Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')|"directory/path traversal ""../"""|[Panoptic](https://github.com/lightos/Panoptic); [Burp Suite](https://portswigger.net/burp)|
4+
|[CWE-59](https://cwe.mitre.org/data/definitions/59.html)|Improper Link Resolution Before File Access ('Link Following')|symlink attack|No specialized resources are required to execute this type of attack. The only requirement is the ability to create the necessary symbolic link.|[CAPEC](https://capec.mitre.org/data/definitions/132.html)|
5+
|[CWE-77](https://cwe.mitre.org/data/definitions/77.html)|Improper Neutralization of Special Elements used in a Command ('Command Injection')|command injection|[Commix](https://github.com/commixproject/commix)|
6+
|[CWE-78](https://cwe.mitre.org/data/definitions/78.html)|Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')|OS command injection|[Commix](https://github.com/commixproject/commix); [Burp Suite]( https://portswigger.net/burp)|
7+
|[CWE-79](https://cwe.mitre.org/data/definitions/79.html)|Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')|cross-site scripting attack|[XSSER](https://github.com/epsylon/xsser); [Pybelt](https://github.com/Ekultek/Pybelt); [XSStrike](https://github.com/s0md3v/XSStrike)|
8+
|[CWE-88](https://cwe.mitre.org/data/definitions/88.html)|Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')|argument/parameter injection|[Argument Injection Hammer](https://github.com/nccgroup/argumentinjectionhammer)|
9+
|[CWE-89](https://cwe.mitre.org/data/definitions/89.html)|Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')|malicious SQL command injection|[SQLMap](https://github.com/sqlmapproject/sqlmap); [BBQSQL](https://github.com/CiscoCXSecurity/bbqsql); [JSQL injection](https://github.com/ron190/jsql-injection); [NoSQLMap](https://github.com/codingo/NoSQLMap)|
10+
|[CWE-91](https://cwe.mitre.org/data/definitions/91.html)|XML Injection (aka Blind XPath Injection)|"inject XML code into a web input| XML file or stream"|[XXExploiter](https://github.com/luisfontes19/xxexploiter)|
11+
|[CWE-209](https://cwe.mitre.org/data/definitions/209.html)|Generation of Error Message Containing Sensitive Information|read/capture sensitive information contained in error message|[OWASP ZAP](https://www.zaproxy.org/); [Burp Suite](https://portswigger.net/burp)|
12+
|[CWE-276](https://cwe.mitre.org/data/definitions/276.html)|Incorrect Default Permissions try to access data or privileges you normally should not have access to|"No specialized resources are required to execute this type of attack. In order to discover unrestricted resources, the attacker does not need special tools or skills. They only have to observe the resources or access mechanisms invoked as each action is performed and then try and access those access mechanisms directly."|[CAPEC](https://capec.mitre.org/data/definitions/1.html)|
13+
|[CWE-294](https://cwe.mitre.org/data/definitions/294.html)|Authentication Bypass by Capture-replay|capture-replay attack|[Wireshark](https://www.wireshark.org/); [smartsniff](https://www.nirsoft.net/utils/smsniff.html)|
14+
|[CWE-307](https://cwe.mitre.org/data/definitions/307.html)|Improper Restriction of Excessive Authentication Attempts|brute force attack|[THC Hydra](https://github.com/vanhauser-thc/thc-hydra); [John the Ripper](https://github.com/openwall/john); [L0phtCrack](https://gitlab.com/l0phtcrack/l0phtcrack); [Hashcat](https://hashcat.net/hashcat)|
15+
|[CWE-312](https://cwe.mitre.org/data/definitions/312.html)|Cleartext Storage of Sensitive Information|find sensitive data stored in system|[OWASP ZAP](https://www.zaproxy.org/); [Burp Suite](https://portswigger.net/burp)|
16+
|[CWE-319](https://cwe.mitre.org/data/definitions/319.html)|Cleartext Transmission of Sensitive Information|capture traffic and extract sensitive information|[Wireshark](https://www.wireshark.org/); [Smartsniff](https://www.nirsoft.net/utils/smsniff.html)|
17+
|[CWE-330](https://cwe.mitre.org/data/definitions/330.html)|Use of Insufficiently Random Values|brute force attack|[THC Hydra](https://github.com/vanhauser-thc/thc-hydra); [John the Ripper](https://github.com/openwall/john); [L0phtCrack](https://gitlab.com/l0phtcrack/l0phtcrack); [Hashcat](https://hashcat.net/hashcat)|
18+
|[CWE-331](https://cwe.mitre.org/data/definitions/331.html)|Insufficient Entropy|brute force attack/predictive programs|[hashcat](https://hashcat.net/hashcat/); [php_mt_seed](https://github.com/openwall/php_mt_seed)|
19+
|[CWE-352](https://cwe.mitre.org/data/definitions/352.html)|Cross-Site Request Forgery (CSRF)|CSRF|[Burp Suite](https://portswigger.net/burp); [XSRFProbe](https://github.com/0xInfection/XSRFProbe)|
20+
|[CWE-425](https://cwe.mitre.org/data/definitions/425.html)|Direct Request ('Forced Browsing')|forcibly navigate to unintended (by the system) URLs|[Dirbuster](https://sourceforge.net/projects/dirbuster/); [Dirstalk](https://github.com/stefanoj3/dirstalk)|
21+
|[CWE-426](https://cwe.mitre.org/data/definitions/426.html)|Untrusted Search Path|malicious dll injection/loading|[evildll](https://github.com/CrackerCat/evildll); [evilldll-gen](https://gist.github.com/klezVirus/e24c94d7061f5736e2452eee022f4011 )|
22+
|[CWE-427](https://cwe.mitre.org/data/definitions/427.html)|Uncontrolled Search Path Element|malicious dll injection/loading|[evildll](https://github.com/CrackerCat/evildll); [evilldll-gen](https://gist.github.com/klezVirus/e24c94d7061f5736e2452eee022f4011 )|
23+
|[CWE-428](https://cwe.mitre.org/data/definitions/428.html)|Unquoted Search Path or Element|insert malicious input into unquoted search path|[Metasploit](https://www.metasploit.com/)|
24+
|[CWE-434](https://cwe.mitre.org/data/definitions/434.html)|Unrestricted Upload of File with Dangerous Type|uploading of malicious file (program lacks restrictions to prevent this from occuring)|No specialized resources are required to execute this type of attack.|[CAPEC](https://capec.mitre.org/data/definitions/1.html)|
25+
|[CWE-444](https://cwe.mitre.org/data/definitions/444.html)|Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')|HTTP smuggling|[Smuggler](https://github.com/defparam/smuggler)|
26+
|[CWE-521](https://cwe.mitre.org/data/definitions/521.html)|Weak Password Requirements|brute force attack|[THC Hydra](https://github.com/vanhauser-thc/thc-hydra); [John the Ripper](https://github.com/openwall/john); [L0phtCrack](https://gitlab.com/l0phtcrack/l0phtcrack); [Hashcat](https://hashcat.net/hashcat)|
27+
|[CWE-522](https://cwe.mitre.org/data/definitions/522.html)|Insufficiently Protected Credentials|"search for exposed credentials, capture traffic| or brute force (context-dependent)"|"Context-dependent, may utilize traffic sniffing tools, tools for discovering sensitive information, or brute forcing tools"|[Wireshark](https://www.wireshark.org/); [SMS Sniff](https://www.nirsoft.net/utils/smsniff.html); [OWASP ZAP](https://www.zaproxy.org/); [Burp suite](https://portswigger.net/burp); [THC Hydra](https://github.com/vanhauser-thc/thc-hydra); [John the Ripper](https://github.com/openwall/john); [L0phtCrack](https://gitlab.com/l0phtcrack/l0phtcrack); [Hashcat](https://hashcat.net/hashcat)|
28+
|[CWE-532](https://cwe.mitre.org/data/definitions/532.html)|Insertion of Sensitive Information into Log File|access log files and search them for sensitive information|[OWASP ZAP](https://www.zaproxy.org/); [Burp Suite](https://portswigger.net/burp); - along with the ability to access log files|
29+
|[CWE-611](https://cwe.mitre.org/data/definitions/611.html)|Improper Restriction of XML External Entity Reference|XML external entity injection|[XXExploiter](https://github.com/luisfontes19/xxexploiter)|
30+
|[CWE-639](https://cwe.mitre.org/data/definitions/639.html)|Authorization Bypass Through User-Controlled Key|"modify key values to change what data attacker has access to| insecure direct object vulnerability exploit"|[AuthZ for burpsuite](https://portswigger.net/bappstore/4316cc18ac5f434884b2089831c7d19e)|
31+
|[CWE-776](https://cwe.mitre.org/data/definitions/776.html)|Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')|XML entity expansion|[XXExploiter](https://github.com/luisfontes19/xxexploiter)|
32+
|[CWE-798](https://cwe.mitre.org/data/definitions/798.html)|Use of Hard-coded Credentials|discover and use hardcoded credentials|"Context-dependent, may use password cracking tools| binary analysis tools, or may not require any tools (just knowledge of the default hard-coded credentials)"|[THC Hydra](https://github.com/vanhauser-thc/thc-hydra); [John the Ripper](https://github.com/openwall/john); [L0phtCrack](https://gitlab.com/l0phtcrack/l0phtcrack); [Hashcat](https://hashcat.net/hashcat); [Power Grep](https://www.powergrep.com/)|
33+
|[CWE-916](https://cwe.mitre.org/data/definitions/916.html)|Use of Password Hash With Insufficient Computational Effort|brute force|[THC Hydra](https://github.com/vanhauser-thc/thc-hydra); [John the Ripper](https://github.com/openwall/john); [L0phtCrack](https://gitlab.com/l0phtcrack/l0phtcrack); [Hashcat](https://hashcat.net/hashcat)|
34+
|[CWE-918](https://cwe.mitre.org/data/definitions/918.html)|Server-Side Request Forgery (SSRF)|SSRF|[SSRFmap](https://github.com/swisskyrepo/SSRFmap); [Burp Suite](https://portswigger.net/web-security/ssrf)|
35+
|[CWE-1188](https://cwe.mitre.org/data/definitions/1188.html)|Insecure Default Initialization of Resource|use default credentials|"Context-dependent, but may not need any tools (for example, try to use default credentials or access resources that typically require permissions) - knowledge of the system (and its defaults) helps"||
36+
|[CWE-1236](https://cwe.mitre.org/data/definitions/1236.html)|Improper Neutralization of Formula Elements in a CSV File|CSV injection|"No specialized resources are required to execute this type of attack, it is more based on payloads.":[PayloadsAllTheThings](https://gitlab.com/pentest-tools/PayloadsAllTheThings/-/tree/master/CSV%20Injection);[OWASP CSV Injection](https://owasp.org/www-community/attacks/CSV_Injection)|
37+
|[CWE-1321](https://cwe.mitre.org/data/definitions/1321.html)|Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')|prototype pollution|[DOM Invader (Burp Suite)](https://portswigger.net/burp/documentation/desktop/tools/dom-invader)|
38+
|[CWE-1333](https://cwe.mitre.org/data/definitions/1333.html)|Inefficient Regular Expression Complexity|ReDoS or exponential backtracking|[ReScue](https://2bdenny.github.io/ReScue/)|
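Review bot: several rows of the new Markdown table do not match the four-column header and will render with cells shifted or dropped. The CWE-59, CWE-434, CWE-522 and CWE-798 rows carry a fifth cell (a "No specialized resources are required..." or "Context-dependent..." note followed by the CAPEC link or tool list), and the CWE-91, CWE-522, CWE-639 and CWE-798 rows contain an unescaped `|` inside a quoted cell (for example `"inject XML code into a web input| XML file or stream"`), which Markdown treats as a column separator regardless of the quotes. The CWE-276 row is missing the `|` between the CWE name and the exploitation description (`Incorrect Default Permissions try to access data or privileges you normally should not have access to`). Suggest escaping the embedded pipes as `\|` and either folding the resource note into the Tools column or adding a fifth "Notes" column to the header and separator row so every row has the same cell count. CSV-style quoting also survived the conversion: the CWE-22 row has `""../""`, several cells are wrapped in literal double quotes that will render verbatim, the CWE-1236 row uses `":` as a separator between the note and the links, and the CWE-532 row ends with `; - along with the ability to access log files`. Strip the surrounding quotes, collapse `""` to `"`, and use one consistent `; ` separator in the Tools column.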

docs/reference/decision_points/exploitation.md

Lines changed: 1 addition & 4 deletions
@@ -44,10 +44,7 @@ The table below lists CWE-IDs that could be used to mark a vulnerability as *PoC
4444
describe improper validation of TLS certificates. These CWE-IDs could
4545
always be marked as *PoC* since that meets condition (3) in the definition.
4646

47-
{% include-markdown "../../_includes/_scrollable_table.md" heading-offset=1 %}
48-
49-
<!-- relative to /data/csvs/ -->
50-
{{ read_csv('cwe/possible-cwe-with-poc-examples.csv') }}
47+
{% include-markdown "../../_includes/cwe-with-poc-examples.md" heading-offset=1 %}
5148

5249
## Prior Versions
5350
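Review bot: the `read_csv('cwe/possible-cwe-with-poc-examples.csv')` call and the `_scrollable_table.md` include are dropped from this page, but nothing in the hunk shows whether the CSV under `/data/csvs/` and the scrollable-table include are still used elsewhere or are now a second, unsynchronised copy of the table that `cwe-with-poc-examples.md` carries. The unchanged context above (lines 44-45) still introduces the table as the CWE-IDs that meet condition (3) for *PoC*, which fits the new include, but suggest either deleting the CSV and the `_scrollable_table.md` include if they are now unreferenced, or generating the Markdown file from the CSV at build time so the two cannot drift, and stating in the commit which of the two is the source of truth.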
