diff --git a/README.md b/README.md index afc5aa8..b57ce51 100644 --- a/README.md +++ b/README.md @@ -37,25 +37,25 @@ The project current core team are: - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + -
Template NameVulnerable PageTemplate NameVulnerable Page
2.1.11✔️3.1.1
3.4.13.4.2
5.1.5✔️5.1.2
5.1.15.2.5.1
5.2.15.2.6
5.3.45.3.3.2
5.3.9✔️5.3.3.1
5.5.28.2.1
9.1.29.1.3
12.1.1✔️12.1.1.2
12.3.3✔️12.6.1✔️
13.1.313.2.2✔️
13.2.313.2.1
13.3.1✔️14.2.3
14.3.214.4.7
14.4.214.4.5
14.4.114.4.4
14.4.614.4.3
3.3.53.4.1
3.4.25.1.1
5.1.25.1.5✔️
5.2.15.2.5.1
5.2.65.3.9✔️
5.3.3.25.3.4
5.3.3.15.5.2
8.2.19.1.3
9.1.212.1.1✔️
12.1.1.212.3.3✔️
12.6.1✔️13.1.3
13.2.2✔️13.2.1
13.2.313.3.1✔️
14.2.314.3.2
14.4.314.4.2
14.4.414.4.5
14.4.714.4.6
14.4.114.5.1
14.5.2✔️14.5.3✔️
14.5.1
diff --git a/templates/9.1.3.yaml b/templates/9.1.3.yaml
index 045e9f8..ba9e95d 100644
--- a/templates/9.1.3.yaml
+++ b/templates/9.1.3.yaml
@@ -45,4 +45,4 @@ ssl:
 - type: json
 json:
 - " .tls_version"
-# digest: 4b0a004830460221008abed7c5325a8518c05263575c8c5e574b1884952b2e75974d2be504961a7b9102210089b15b5102cc68184167d1a5270d4ff06a018de0eed03289ea71ba7fad0a50e8:236a7c23afe836fbe231d6e037cff444
\ No newline at end of file
+# digest: 4a0a00473045022100fcf5a7563848e40a5e74c8f5a8406a7da1800c0de1fb85fd93009f3065ffc4ba02206fb604dd21c03a7cf39d9a08dc90d10c8f73743f0b245432eb2e9e3850ec5577:236a7c23afe836fbe231d6e037cff444
\ No newline at end of file
diff --git a/templates/code/3.3.5.yaml b/templates/code/3.3.5.yaml
new file mode 100644
index 0000000..98c826c
--- /dev/null
+++ b/templates/code/3.3.5.yaml
@@ -0,0 +1,53 @@
+id: ASVS-5-0-0-V3-3-5
+
+info:
+ name: ASVS 3.3.5 Check
+ author: AmirHossein Raeisi
+ severity: info
+ classification:
+ cwe-id: CWE-613
+ reference:
+ - https://en.wikipedia.org/wiki/HTTP_cookie
+ tags: asvs,3.3.5
+ description: |
+ Verify that when the application writes a cookie, the cookie name and value length combined are not over 4096 bytes. Overly large cookies will not be stored by the browser and therefore not sent with requests, preventing the user from using application functionality which relies on that cookie.
+
+flow: |
+ http()
+ javascript()
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+ host-redirects: true
+ max-redirects: 2
+
+javascript:
+ - code: |
+ content = template.http_all_headers;
+ const setCookieLines = content
+ .split(/\r\n/)
+ .filter(line => line.trim().toLowerCase().startsWith('set-cookie:'));
+
+ const cookieDetails = setCookieLines
+ .map(line => {
+ const match = line.match(/set-cookie:\s*([^=]+)=([^;]+)/i);
+ if (match) {
+ const cookieName = match[1];
+ const cookieValue = match[2];
+ const cookieString = `${cookieName}=${cookieValue}`;
+ if (cookieString.length > 4096) {
+ return cookieName;
+ }
+ }
+ })
+ .filter(Boolean);
+
+ cookieDetails;
+
+ extractors:
+ - type: regex
+ regex:
+ - '[a-zA-Z0-9_-]+'
+# digest: 4a0a0047304502207dc33efbda702dccc6ff9845a2d0cae55e4cc74b68b36daa4c61e02ba76ada0c0221009156ea8ebb572937653c9d52bca4e3fd695f84380341d0272a5312cf79250894:236a7c23afe836fbe231d6e037cff444
\ No newline at end of file
diff --git a/templates/dast/5.3.3.2.yaml b/templates/dast/5.3.3.2.yaml
index 39e0678..4c23e27 100644
--- a/templates/dast/5.3.3.2.yaml
+++ b/templates/dast/5.3.3.2.yaml
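Review bot: The length test inside the `.map` callback compares `cookieString.length`, which includes the `=` separator, against 4096, so a cookie whose name and value together are exactly 4096 — the limit the description itself states for name plus value — is reported as a finding; compare the two parts directly instead: `if (cookieName.length + cookieValue.length > 4096) {`. `.length` also counts UTF-16 code units rather than bytes, which under-counts any non-ASCII value; Set-Cookie header values are normally ASCII so this is probably acceptable, but it deserves a comment such as `// .length counts UTF-16 code units, not bytes; adequate for ASCII header values`. The header split on `/\r\n/` yields no Set-Cookie lines at all if `template.http_all_headers` is joined with bare `\n` (I cannot tell from here), so `.split(/\r?\n/)` would be the safer choice. Note as well that only the response to `{{BaseURL}}` (plus up to two redirects) is inspected, so cookies written by login or other endpoints are outside what this template can check. The file is new and complete within the hunk.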
@@ -10,8 +10,8 @@ info:
 - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting
 - https://snbig.github.io/Vulnerable-Pages/ASVS_5_3_3/
 - https://github.com/projectdiscovery/nuclei-templates/blob/main/dast/vulnerabilities/xss/reflected-xss.yaml
-tags: asvs,5.3.3
-description: |
+ tags: asvs,5.3.3
+ description: |
 Verify that context-aware, preferably automated - or at worst, manual - output escaping protects against reflected, stored, and DOM based XSS. ([C4](https://owasp.org/www-project-proactive-controls/#div-numbering))

 variables:
@@ -54,4 +54,4 @@ http:
 part: header
 words:
 - "text/html"
-# digest: 490a0046304402203745616e4eed1a379291f198ff1bceca4026f35ab31ae6fc57a103bfa0b35b1002202ebcca2385d281aaaaa9cea4d7ff92f9d0b77ae3d6bfeb376ea073ae986126b4:236a7c23afe836fbe231d6e037cff444
\ No newline at end of file
+# digest: 4a0a0047304502206281af73bc04909d242b46e09f81b425b103b91c26f26b38ad852428b16edfc7022100a82032a6b6432d5c19aa9f92a8ad4c82fd96d6d706a45362cddbd76c2344f6cf:236a7c23afe836fbe231d6e037cff444
\ No newline at end of file