Updated docs

0xCollab · Aug 16, 2018 · 73ec868 · 73ec868
1 parent 06af960
commit 73ec868
Show file tree

Hide file tree

Showing 13 changed files with 44 additions and 2 deletions.
diff --git a/docs/resources/sqli2.png b/docs/resources/sqli2.png
diff --git a/docs/solution/a1-injection.md b/docs/solution/a1-injection.md
@@ -9,7 +9,7 @@ http://127.0.0.1:9090/app/usersearch
 By injecting a single quote `'`, we see an error has occurred.
 ![sqli1](/resources/sqli1.png "SQLi Trigger")
 
-An attacker can exploit this further and obtain potentially sensitive information from the database
+An attacker can exploit this further and obtain potentially sensitive information from the database by supplying the input `' UNION SELECT password,1 from Users where login='user' #`
 ![sqli2](/resources/sqli2.png "Exploiting SQLi")
 
 **Vulnerable Code snippet**
@@ -43,6 +43,8 @@ Implemented in the following files
 
 - *core/appHandler.js*
 
+The fix has been implemented in this [commit](https://github.com/appsecco/dvna/commit/dc1f9c54685eb04f55e444370d6d622834e4cc00)
+
 **Recommendation**
 
 - Validate Input before processing
@@ -89,6 +91,8 @@ Implemented in the following files
 
 - *core/appHandler.js*
 
+The fix has been implemented in this [commit](https://github.com/appsecco/dvna/commit/4fe36fcfbd615fc9ea340e1238be33dd0d140ef8)
+
 **Recommendation**
 
 - Use exec_file or spawn method instead

diff --git a/docs/solution/a10-insufficient-logging.md b/docs/solution/a10-insufficient-logging.md
@@ -50,6 +50,8 @@ Implemented in the following files
 - *core/passport.js*
 - *core/authHandler.js*
 
+The fix has been implemented in this [commit](https://github.com/appsecco/dvna/commit/56c5e82c1a000e26ae19afb67b6696d634ceab2e)
+
 **Recommendation**
 
 - Log all sensitive operations by default

diff --git a/docs/solution/a2-broken-auth.md b/docs/solution/a2-broken-auth.md
@@ -14,6 +14,12 @@ This issue can be exploited by an attacker to reset any user's password by using
 http://127.0.0.1:9090/resetpw?login=<username>&token=<md5(username)>
 ```
 
+You can obtain the md5sum for `user` by running the following 
+
+```bash
+echo -n 'user' | md5sum
+```
+
 **Solution**
 
 Store the password reset request along with a randomly generated token string and expiry
@@ -29,6 +35,8 @@ Implemented in the following files
 - *core/authHandler.js*
 - *models/passreset.js*
 
+The fix has been implemented in this [commit](https://github.com/appsecco/dvna/commit/c8d519e41a752def46d80de699a94a23800df426)
+
 ## Insecure Session Secret
 
 The session secret is used is insecure and is used in the example snippets across the web
@@ -59,6 +67,8 @@ Implemented in the following files
 - *server.js*
 - *config/server.js*
 
+The fix has been implemented in this [commit](https://github.com/appsecco/dvna/commit/1d01e9af620d88a938a2abdf97306fa20026b927)
+
 **Recommendation**
 
 - Do not copy paste code without understanding what it does

diff --git a/docs/solution/a3-sensitive-data-exposure.md b/docs/solution/a3-sensitive-data-exposure.md
@@ -38,6 +38,8 @@ Implemented in the following files
 
 - *core/appHandler.js*
 
+The fix has been implemented in this [commit](https://github.com/appsecco/dvna/commit/7c28c2e007ac48badc604e52621c37bbb8da8fbd)
+
 ## Logging of sensitive information
 
 ![info-dis](/resources/info-dis2.png "Password Hash Disclosed")
@@ -63,6 +65,8 @@ Implemented in the following files
 
 - *models/index.js*
 
+The fix has been implemented in this [commit](https://github.com/appsecco/dvna/commit/60ed581799f2257e1be2d8a7747014d6b3d123af)
+
 **Recommendation**
 
 - Always be wary of where all your data resides or is transmitted to

diff --git a/docs/solution/a4-xxe.md b/docs/solution/a4-xxe.md
@@ -53,6 +53,8 @@ Implemented in the following file
 
 - *core/appHandler.js*
 
+The fix has been implemented in this [commit](https://github.com/appsecco/dvna/commit/15f9dc298ff8e46f0dbeca6b260416c086db2446)
+
 **Recommendation**
 
 - Ensure that External entity parsing is disabled

diff --git a/docs/solution/a5-broken-access-control.md b/docs/solution/a5-broken-access-control.md
@@ -60,6 +60,8 @@ Implemented in the following files
 - *routes/app.js*
 - *views/app/admin.ejs*
 
+The fix has been implemented in this [commit](https://github.com/appsecco/dvna/commit/1d10d266567a6b721bd368500838756e1cd7966b)
+
 ## Missing Authorization check in Edit User
 
 The `userEditSubmit` method fails to validate `id` parameter to ensure that the calling user has appropriate access to the object. This issue can be exploited to reset information for any user identified by id.
@@ -101,6 +103,8 @@ Implemented in the following files
 
 - *core/appHandler.js*
 
+The fix has been implemented in this [commit](https://github.com/appsecco/dvna/commit/edfe31c81e8594ac336b3fd3a558e174af9fe7b3)
+
 **Recommendation**
 
 - Try to restrict your functions to maximum extent, White listing is always better than blacklisting

diff --git a/docs/solution/a6-securty-misconfig.md b/docs/solution/a6-securty-misconfig.md
@@ -39,6 +39,8 @@ Implemented in the following files
 
 - *core/appHandler.js*
 
+The fix has been implemented in this [commit](https://github.com/appsecco/dvna/commit/9b17e5ae55a6bf0ec8ba41c25956c26e6e62badd)
+
 ## X-Powered-By header
 
 ![powered-by](/resources/powered-by.png "X-Powered-By")
@@ -55,6 +57,8 @@ Implemented in the following files
 
 - *server.js*
 
+The fix has been implemented in this [commit](https://github.com/appsecco/dvna/commit/e5810006cb91fb22bc6287f2dd67ba7c779d26fa)
+
 **Reference**
 - <https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration>
 - <https://expressjs.com/en/advanced/best-practice-security.html>

diff --git a/docs/solution/a7-xss.md b/docs/solution/a7-xss.md
@@ -41,9 +41,11 @@ Implemented in the following files
 - *server.js*
 - *views/app/products.ejs*
 
+The fix has been implemented in this [commit](https://github.com/appsecco/dvna/commit/6acbb14b51df84d4c4986d95f8fa4e3a6d600e35)
+
 ## Stored XSS in Product Listing
 
-Another XSS vulnerability exists in the same page, however at a different location
+Another XSS vulnerability exists in the same page, however at a different location. By supplying an input such as `<script>alert('xss')</script>`, we can verify the XSS
 
 **Vulnerable Code snippet**
 
@@ -77,6 +79,8 @@ Implemented in the following files
 - *server.js*
 - *views/app/products.ejs*
 
+The fix has been implemented in this [commit](https://github.com/appsecco/dvna/commit/6acbb14b51df84d4c4986d95f8fa4e3a6d600e35)
+
 **Recommendation**
 
 - Use Security header `X-XSS-Protection` to prevent reflected XSS attacks

diff --git a/docs/solution/a8-insecure-deserialization.md b/docs/solution/a8-insecure-deserialization.md
@@ -44,6 +44,8 @@ Implemented in the following files
 
 - *core/appHandler.js*
 
+The fix has been implemented in this [commit](https://github.com/appsecco/dvna/commit/624a4ee88b3af804271d183f2921448851ddbfff)
+
 **Recommendation**
 
 - Use secure and recommended ways to implement application features

diff --git a/docs/solution/a9-using-components-with-known-vulnerability.md b/docs/solution/a9-using-components-with-known-vulnerability.md
@@ -39,6 +39,8 @@ Implemented in the following files
 
 - *package.json*
 
+The fix has been implemented in this [commit](https://github.com/appsecco/dvna/commit/5f1a4ca4c8262419321c3790757ae8719d9676a7)
+
 **Recommendation**
 
 - Dependencies must be updated regularly, and preferably automatically. 

diff --git a/docs/solution/ax-csrf.md b/docs/solution/ax-csrf.md
@@ -39,6 +39,8 @@ Implemented in the following files
 - *views/app/modifyproducts.ejs*
 - *views/app/useredit.ejs*
 
+The fix has been implemented in this [commit](https://github.com/appsecco/dvna/commit/2c88ab87f19a9d124c925d33f346ec3897038eea)
+
 **Reference**
 
 - https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

diff --git a/docs/solution/ax-unvalidated-redirects-and-forwards.md b/docs/solution/ax-unvalidated-redirects-and-forwards.md
@@ -36,5 +36,7 @@ Implemented in the following files
 - *views/app/redirect.ejs*
 - *core/appHandler.js*
 
+The fix has been implemented in this [commit](https://github.com/appsecco/dvna/commit/0df0980a19778e0cf627cd09b365e3e84023cf75)
+
 **Reference**
 - https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet