Creating a PHP-based application to find PoC/exploit code on GitHub by CVE-ID

Abdur Rahman Maheer
Nov 28, 2021

On April 9, 2021, I created a CLI-based Python 3 application named git-cve, which can search for exploit/PoC code for a given CVE-ID. I was not satisfied with it because it was not very stable, and I was thinking of creating something similar but as a web-based GUI, when I saw a post from Vulners: they had launched a new bot to find PoC/exploit code for a CVE-ID.

Source: Vulners Facebook page

So I thought, let's create something like that, but using only PHP and without any cost. While creating my git-cve Python script, I had found a GitHub repository that automatically collects PoC/exploit references for CVE-IDs, and the interesting thing is that the collected information is stored as JSON. That is a plus point for me.

GitHub repository: nomi-sec/PoC-in-GitHub

So I thought of using this repository as an API for my application, since it is open source and updated often. So let's start writing the code.

By clicking Raw, we can view the raw format of this page, and the URL looks like this:

https://raw.githubusercontent.com/nomi-sec/PoC-in-GitHub/master/2021/CVE-2021-21975.json

If I change the values of /2021 and /CVE-2021-21975, it will show the result for the given CVE number. We will keep everything else the same and replace these two values with user input; the [.json] suffix stays unchanged. We don't need to take two inputs from the user because the CVE-ID already contains its publication year.

So first let's get the user input using PHP. We can do that with an HTML form or with a URL parameter. In this case I will use the GET method and a URL parameter to get the user input.

Let's take a variable named cve_id and store the user input in it.

It will take input from the user through a URL parameter named id and store the user input in the cve_id variable.

Example:

https://url.tld/cve.php?id=CVE-2020-1234

After getting the user input, our first step is to sanitize it, because we don't want a malicious payload to be executed in our web page. We are not going to create another variable and store the sanitized input in it; we are going to sanitize the user input directly at its source using htmlentities().

Now our first task is to split the year out of this CVE-ID, because we need the year to fetch the PoC/exploit information. PHP has a function named explode, which splits text on a given separator. Our CVE-ID contains a separator that divides CVE-year-id, so we are going to split the year out using (-) and the explode function. After splitting we get three values, 0, 1 and 2: 0 is CVE, 1 is YEAR and 2 is ID. Now let's split it.

In the code above, I first created a variable named spl to store the whole split array; after that, I stored array element 1 in a variable named year. Now our task is to make a request to that GitHub repository to get all the information about the PoCs for the user's CVE-ID.

After the request, the URL will respond with JSON, and now we have to handle that JSON to extract the exact information about the CVE-ID. PHP has a built-in function named json_decode to decode JSON, and we will use it to decode the response. First, let's see what the JSON contains.

It contains id, repo name, html_url, creation date, etc. We don't need all of these; we are going to extract just the URL and the author name of each PoC. You can extend it if you want, but for the purpose of this article I am just going to extract the author's username and the PoC link. First, let's get the JSON from the URL using the PHP function file_get_contents, and json_decode to extract its contents. Let's start.

Our frame is ready; now let's extract that data to our client page.
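The whole flow described above, written out as an added example rather than the article's own code. It assumes each JSON entry carries an owner.login field (the article only names id, repo name, html_url and creation date), and, since the ID ends up inside a URL path handed to file_get_contents, it checks the ID's exact shape with a regex before using it instead of relying on htmlentities() alone.

```php
<?php
// Added example, not the article's own source code. It follows the article's flow:
// read ?id=, split the year with explode(), fetch the nomi-sec JSON with
// file_get_contents(), json_decode() it, and print each PoC's author and link.
// Assumed (not shown on the page): each JSON entry has "owner" => ["login" => ...].

// The ID is spliced into a URL path, so check its exact shape before use;
// htmlentities() alone would still let "../" or "?x=" through into that path.
function parse_cve_id(string $raw): ?string
{
    $id = strtoupper(trim($raw));
    return preg_match('/^CVE-\d{4}-\d{4,}$/', $id) === 1 ? $id : null;
}
function poc_json_url(string $cve_id): string
{
    $spl  = explode('-', $cve_id);  // [0] => "CVE", [1] => year, [2] => number
    $year = $spl[1];
    return "https://raw.githubusercontent.com/nomi-sec/PoC-in-GitHub/master/$year/$cve_id.json";
}
// Returns [['author' => ..., 'url' => ...], ...]; an unknown CVE yields [].
// Needs allow_url_fopen=On and the openssl extension for the https:// wrapper.
function fetch_pocs(string $cve_id): array
{
    $ctx  = stream_context_create(['http' => ['timeout' => 10, 'ignore_errors' => true]]);
    $body = @file_get_contents(poc_json_url($cve_id), false, $ctx);
    $data = $body === false ? null : json_decode($body, true);
    if (!is_array($data)) {
        return [];                  // e.g. a "404: Not Found" text body, not JSON
    }
    $pocs = [];
    foreach ($data as $entry) {
        $url = (string)($entry['html_url'] ?? '');
        if (strpos($url, 'https://github.com/') !== 0) {
            continue;               // third-party data: only link back to github.com
        }
        $pocs[] = ['author' => (string)($entry['owner']['login'] ?? 'unknown'), 'url' => $url];
    }
    return $pocs;
}

$cve_id = parse_cve_id($_GET['id'] ?? '');
if ($cve_id === null) {
    http_response_code(400);
    exit('Expected ?id=CVE-YYYY-NNNN');
}
foreach (fetch_pocs($cve_id) as $poc) {
    // Escape on output: owner names and URLs come from the remote JSON, not from us.
    $u = htmlspecialchars($poc['url'], ENT_QUOTES, 'UTF-8');
    printf("<p>%s: <a href=\"%s\">%s</a></p>\n", htmlspecialchars($poc['author'], ENT_QUOTES, 'UTF-8'), $u, $u);
}
```

Save it as cve.php and request it as /cve.php?id=CVE-2021-21975, the same shape the article uses.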

The output will be similar to the image below.

Source code:

My project: https://git-cve.system00-sec.com/

Thank you for reading. My main motive is to create something new from the old and make it open source; I do not wish to make fun of or harm anyone financially. This article just explains how I created my project, nothing more.
