fixed vulnerability

ucsb-seclab · Jun 2, 2024 · cfd9210 · cfd9210
1 parent 26a3774
commit cfd9210
Show file tree

Hide file tree

Showing 21 changed files with 87 additions and 96 deletions.
diff --git a/archetypes/default.md b/archetypes/default.md
@@ -1,5 +1,4 @@
 +++
 title = '{{ replace .File.ContentBaseName "-" " " | title }}'
 date = {{ .Date }}
-draft = true
 +++
diff --git a/content/CVEX/CVEX-2017-1000499.md b/content/CVEX/CVEX-2017-1000499.md
@@ -3,7 +3,6 @@ title: CVEX-2017-1000499
 description: phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.
 layout: single
 date: 2024-05-27T15:34:00-07:00
-draft: true
 weight: 50
 url: /CVEX-2017-1000499/
 ---

diff --git a/content/CVEX/CVEX-2023-0286.md b/content/CVEX/CVEX-2023-0286.md
@@ -2,7 +2,6 @@
 title: CVEX-2023-0286
 description: Clones openssl version 3.0.7, containing a vulnerability that attributes the wrong variable type (ASN1_TYPE rather than ASN1_STRING) to a x509 address, allowing elevation of privilege.
 layout: single
-draft: true
 weight: 50
 url: /CVEX-2023-0286/
 ---

diff --git a/content/CVEX/CVEX-2023-28155.md b/content/CVEX/CVEX-2023-28155.md
@@ -3,7 +3,6 @@ title: CVEX-2023-28155
 description: The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). This vulnerability only affects products that are no longer supported by the maintainer.
 layout: single
 date: 2024-05-27T15:34:00-07:00
-draft: true
 weight: 50
 url: /CVEX-2023-28155/
 ---

diff --git a/content/CVEX/CVEX-2023-31419.md b/content/CVEX/CVEX-2023-31419.md
@@ -3,7 +3,6 @@ title: CVEX-2023-31419
 description: A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.
 layout: single
 date: 2024-05-27T15:34:00-07:00
-draft: true
 weight: 50
 url: /CVEX-2023-31419/
 ---

diff --git a/content/CVEX/CVEX-2023-42282.md b/content/CVEX/CVEX-2023-42282.md
@@ -3,7 +3,6 @@ title: CVEX-2023-42282
 description: The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
 layout: single
 date: 2024-05-27T15:34:00-07:00
-draft: true
 weight: 50
 url: /CVEX-2023-42282/
 ---

diff --git a/content/CVEX/CVEX-2024-21508.md b/content/CVEX/CVEX-2024-21508.md
@@ -3,7 +3,6 @@ title: CVEX-2024-21508
 description: CVE-2024-21508 is a vulnerability found in versions of the mysql2 <= 3.9.4. This vulnerability allows for Remote Code Execution (RCE) through the readCodeFor function, due to improper validation of the supportBigNumbers and bigNumberStrings values. It does not require any specific privileges or user interaction and can be exploited over a network. The potential impact includes high integrity and confidentiality impact, as well as high availability impact.
 layout: single
 date: 2024-05-27T15:34:00-07:00
-draft: true
 weight: 50
 url: /CVEX-2024-21508/
 ---

diff --git a/content/CVEX/CVEX-XPLOR.md b/content/CVEX/CVEX-XPLOR.md
@@ -3,7 +3,6 @@ title: CVEX-XPLOR
 description: A Proof of Concept Demonstration of our CVEX model/framework
 layout: single
 date: 2024-05-27T15:34:00-07:00
-draft: true
 weight: 50
 url: /CVEX-XPLOR/
 ---

diff --git a/content/_index.md b/content/_index.md
@@ -2,7 +2,7 @@
 title: Common Vulnerability and Exposure Executables (CVEX)
 description: 
 layout: single
-draft: true
+url: /
 ---
 ### A Collection of our Completed CVEXes
 This static HUGO website serves as a database of completed CVEXes. These CVEXes were created by the Team of Professors Kruegel & Vigna, with 4 undergraduate researchers affiliated with UCSB's Early Research Scholars Program 2023-2024 cohort.

diff --git a/content/research.md b/content/research.md
@@ -2,7 +2,6 @@
 title: About Xplor CVEX
 description: 
 layout: single
-draft: true
 url: /research/
 ---
 

diff --git a/hugo.toml b/hugo.toml
@@ -1,4 +1,4 @@
-baseURL = '/'
+baseURL = 'http://xplor-cvex.seclab.cs.ucsb.edu/'
 languageCode = 'en-us'
 relativeURLs = true
 title = 'Common Vulneravilities and Exposures with Exploits'

diff --git a/public/404.html b/public/404.html
@@ -7,12 +7,12 @@
 <meta name="description" content="" />
 <meta name="keywords" content="" />
 <meta name="robots" content="noodp" />
-<link rel="canonical" href="//localhost:1313/404.html" />
+<link rel="canonical" href="http://localhost:1313/404.html" />
 <meta property="og:locale" content="en" />
 <meta property="og:title" content="404 Page not found :: Common Vulneravilities and Exposures with Exploits" />
 <meta property="og:description" content="" />
   <meta property="og:type" content="website" />
-<meta property="og:url" content="//localhost:1313/404.html" />
+<meta property="og:url" content="http://localhost:1313/404.html" />
 <meta property="og:site_name" content="Common Vulneravilities and Exposures with Exploits" />
 <meta property="og:image" content="" />
 <meta property="og:image:width" content="2048" />
@@ -28,7 +28,7 @@
   rel="stylesheet"
 />
 <link href="./404.html" rel="alternate" type="application/rss+xml" title="Common Vulneravilities and Exposures with Exploits" />
-<link rel="stylesheet" href="//localhost:1313/styles.css" />
+<link rel="stylesheet" href="http://localhost:1313/styles.css" />
 </head>
 
   <body>
@@ -38,7 +38,7 @@
 <nav class="navbar">
   <div class="navbar__first">
     <ul class="navbar__list borders">
-      <li><a href="//localhost:1313/">Home</a></li>
+      <li><a href="http://localhost:1313/">Home</a></li>
       <li><a href="./research/">Statement</a></li>
       <li><a href="./directoryv1/">CVEX 1.0 Directory</a></li>
       <li><a href="./directoryv2/">CVEX 2.0 Directory</a></li>
@@ -64,20 +64,20 @@
       <h1 class="post-title">404 — Page not found...</h1>
     </header>
     <p>
-      <a href="//localhost:1313/">Back to home page&nbsp;→</a>
+      <a href="http://localhost:1313/">Back to home page&nbsp;→</a>
     </p>
   </article>
         </main>
         <footer class="site-footer">
 <p class="buildinfo">
-  <time datetime="2024-06-02 16:35:08 PDT">Site built on: 2024-06-02 16:35:08 PDT</time>
+  <time datetime="2024-06-02 16:42:18 PDT">Site built on: 2024-06-02 16:42:18 PDT</time>
 </p>
 <div class="copyright">
   <p></p>
   <nav class="navbar">
     <ul class="navbar__list">
-      <li><a href="//localhost:1313/posts/index.xml">RSS</a></li>
-      <li><a href="//localhost:1313/sitemap.xml">Sitemap</a></li>
+      <li><a href="http://localhost:1313/posts/index.xml">RSS</a></li>
+      <li><a href="http://localhost:1313/sitemap.xml">Sitemap</a></li>
     </ul>
   </nav>
 </div>

diff --git a/public/CVEX-2017-1000499/index.html b/public/CVEX-2017-1000499/index.html
@@ -7,15 +7,15 @@
 <meta name="description" content="phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc." />
 <meta name="keywords" content="" />
 <meta name="robots" content="noodp" />
-<link rel="canonical" href="//localhost:1313/CVEX-2017-1000499/" />
+<link rel="canonical" href="http://localhost:1313/CVEX-2017-1000499/" />
 <meta property="og:locale" content="en" />
 <meta property="og:title" content="CVEX-2017-1000499 :: Common Vulneravilities and Exposures with Exploits" />
 <meta property="og:description" content="phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc." />
   <meta property="og:type" content="article" />
     <meta property="article:published_time" content="2024-05-27 15:34:00 -0700 PDT" />
     <meta property="article:modified_time" content="2024-05-27 15:34:00 PDT" />
   <meta property="article:author" content="Common Vulneravilities and Exposures with Exploits" />
-<meta property="og:url" content="//localhost:1313/CVEX-2017-1000499/" />
+<meta property="og:url" content="http://localhost:1313/CVEX-2017-1000499/" />
 <meta property="og:site_name" content="Common Vulneravilities and Exposures with Exploits" />
 <meta property="og:image" content="" />
 <meta property="og:image:width" content="2048" />
@@ -31,7 +31,7 @@
   rel="stylesheet"
 />
 <link href="../CVEX-2017-1000499/" rel="alternate" type="application/rss+xml" title="Common Vulneravilities and Exposures with Exploits" />
-<link rel="stylesheet" href="//localhost:1313/styles.css" />
+<link rel="stylesheet" href="http://localhost:1313/styles.css" />
 </head>
 
   <body>
@@ -41,7 +41,7 @@
 <nav class="navbar">
   <div class="navbar__first">
     <ul class="navbar__list borders">
-      <li><a href="//localhost:1313/">Home</a></li>
+      <li><a href="http://localhost:1313/">Home</a></li>
       <li><a href="../research/">Statement</a></li>
       <li><a href="../directoryv1/">CVEX 1.0 Directory</a></li>
       <li><a href="../directoryv2/">CVEX 2.0 Directory</a></li>
@@ -63,7 +63,7 @@
 </header>
         <main class="site-main"><article class="post">
     <header class="post-header">
-        <h1 class="post-title"><a href="//localhost:1313/CVEX-2017-1000499/">CVEX-2017-1000499</a></h1>
+        <h1 class="post-title"><a href="http://localhost:1313/CVEX-2017-1000499/">CVEX-2017-1000499</a></h1>
         <div class="post-meta">
             <time pubdate datetime="2024-05-27 15:34:00 PDT">
               Published on
@@ -86,14 +86,14 @@ <h1 class="post-title"><a href="//localhost:1313/CVEX-2017-1000499/">CVEX-2017-1
         </main>
         <footer class="site-footer">
 <p class="buildinfo">
-  <time datetime="2024-06-02 16:35:08 PDT">Site built on: 2024-06-02 16:35:08 PDT</time>
+  <time datetime="2024-06-02 16:42:18 PDT">Site built on: 2024-06-02 16:42:18 PDT</time>
 </p>
 <div class="copyright">
   <p></p>
   <nav class="navbar">
     <ul class="navbar__list">
-      <li><a href="//localhost:1313/posts/index.xml">RSS</a></li>
-      <li><a href="//localhost:1313/sitemap.xml">Sitemap</a></li>
+      <li><a href="http://localhost:1313/posts/index.xml">RSS</a></li>
+      <li><a href="http://localhost:1313/sitemap.xml">Sitemap</a></li>
     </ul>
   </nav>
 </div>

diff --git a/public/CVEX-2023-28155/index.html b/public/CVEX-2023-28155/index.html
@@ -7,15 +7,15 @@
 <meta name="description" content="The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). This vulnerability only affects products that are no longer supported by the maintainer." />
 <meta name="keywords" content="" />
 <meta name="robots" content="noodp" />
-<link rel="canonical" href="//localhost:1313/CVEX-2023-28155/" />
+<link rel="canonical" href="http://localhost:1313/CVEX-2023-28155/" />
 <meta property="og:locale" content="en" />
 <meta property="og:title" content="CVEX-2023-28155 :: Common Vulneravilities and Exposures with Exploits" />
 <meta property="og:description" content="The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). This vulnerability only affects products that are no longer supported by the maintainer." />
   <meta property="og:type" content="article" />
     <meta property="article:published_time" content="2024-05-27 15:34:00 -0700 PDT" />
     <meta property="article:modified_time" content="2024-05-27 15:34:00 PDT" />
   <meta property="article:author" content="Common Vulneravilities and Exposures with Exploits" />
-<meta property="og:url" content="//localhost:1313/CVEX-2023-28155/" />
+<meta property="og:url" content="http://localhost:1313/CVEX-2023-28155/" />
 <meta property="og:site_name" content="Common Vulneravilities and Exposures with Exploits" />
 <meta property="og:image" content="" />
 <meta property="og:image:width" content="2048" />
@@ -31,7 +31,7 @@
   rel="stylesheet"
 />
 <link href="../CVEX-2023-28155/" rel="alternate" type="application/rss+xml" title="Common Vulneravilities and Exposures with Exploits" />
-<link rel="stylesheet" href="//localhost:1313/styles.css" />
+<link rel="stylesheet" href="http://localhost:1313/styles.css" />
 </head>
 
   <body>
@@ -41,7 +41,7 @@
 <nav class="navbar">
   <div class="navbar__first">
     <ul class="navbar__list borders">
-      <li><a href="//localhost:1313/">Home</a></li>
+      <li><a href="http://localhost:1313/">Home</a></li>
       <li><a href="../research/">Statement</a></li>
       <li><a href="../directoryv1/">CVEX 1.0 Directory</a></li>
       <li><a href="../directoryv2/">CVEX 2.0 Directory</a></li>
@@ -63,7 +63,7 @@
 </header>
         <main class="site-main"><article class="post">
     <header class="post-header">
-        <h1 class="post-title"><a href="//localhost:1313/CVEX-2023-28155/">CVEX-2023-28155</a></h1>
+        <h1 class="post-title"><a href="http://localhost:1313/CVEX-2023-28155/">CVEX-2023-28155</a></h1>
         <div class="post-meta">
             <time pubdate datetime="2024-05-27 15:34:00 PDT">
               Published on
@@ -86,14 +86,14 @@ <h1 class="post-title"><a href="//localhost:1313/CVEX-2023-28155/">CVEX-2023-281
         </main>
         <footer class="site-footer">
 <p class="buildinfo">
-  <time datetime="2024-06-02 16:35:08 PDT">Site built on: 2024-06-02 16:35:08 PDT</time>
+  <time datetime="2024-06-02 16:42:18 PDT">Site built on: 2024-06-02 16:42:18 PDT</time>
 </p>
 <div class="copyright">
   <p></p>
   <nav class="navbar">
     <ul class="navbar__list">
-      <li><a href="//localhost:1313/posts/index.xml">RSS</a></li>
-      <li><a href="//localhost:1313/sitemap.xml">Sitemap</a></li>
+      <li><a href="http://localhost:1313/posts/index.xml">RSS</a></li>
+      <li><a href="http://localhost:1313/sitemap.xml">Sitemap</a></li>
     </ul>
   </nav>
 </div>

diff --git a/public/CVEX-2023-31419/index.html b/public/CVEX-2023-31419/index.html
@@ -7,15 +7,15 @@
 <meta name="description" content="A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service." />
 <meta name="keywords" content="" />
 <meta name="robots" content="noodp" />
-<link rel="canonical" href="//localhost:1313/CVEX-2023-31419/" />
+<link rel="canonical" href="http://localhost:1313/CVEX-2023-31419/" />
 <meta property="og:locale" content="en" />
 <meta property="og:title" content="CVEX-2023-31419 :: Common Vulneravilities and Exposures with Exploits" />
 <meta property="og:description" content="A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service." />
   <meta property="og:type" content="article" />
     <meta property="article:published_time" content="2024-05-27 15:34:00 -0700 PDT" />
     <meta property="article:modified_time" content="2024-05-27 15:34:00 PDT" />
   <meta property="article:author" content="Common Vulneravilities and Exposures with Exploits" />
-<meta property="og:url" content="//localhost:1313/CVEX-2023-31419/" />
+<meta property="og:url" content="http://localhost:1313/CVEX-2023-31419/" />
 <meta property="og:site_name" content="Common Vulneravilities and Exposures with Exploits" />
 <meta property="og:image" content="" />
 <meta property="og:image:width" content="2048" />
@@ -31,7 +31,7 @@
   rel="stylesheet"
 />
 <link href="../CVEX-2023-31419/" rel="alternate" type="application/rss+xml" title="Common Vulneravilities and Exposures with Exploits" />
-<link rel="stylesheet" href="//localhost:1313/styles.css" />
+<link rel="stylesheet" href="http://localhost:1313/styles.css" />
 </head>
 
   <body>
@@ -41,7 +41,7 @@
 <nav class="navbar">
   <div class="navbar__first">
     <ul class="navbar__list borders">
-      <li><a href="//localhost:1313/">Home</a></li>
+      <li><a href="http://localhost:1313/">Home</a></li>
       <li><a href="../research/">Statement</a></li>
       <li><a href="../directoryv1/">CVEX 1.0 Directory</a></li>
       <li><a href="../directoryv2/">CVEX 2.0 Directory</a></li>
@@ -63,7 +63,7 @@
 </header>
         <main class="site-main"><article class="post">
     <header class="post-header">
-        <h1 class="post-title"><a href="//localhost:1313/CVEX-2023-31419/">CVEX-2023-31419</a></h1>
+        <h1 class="post-title"><a href="http://localhost:1313/CVEX-2023-31419/">CVEX-2023-31419</a></h1>
         <div class="post-meta">
             <time pubdate datetime="2024-05-27 15:34:00 PDT">
               Published on
@@ -86,14 +86,14 @@ <h1 class="post-title"><a href="//localhost:1313/CVEX-2023-31419/">CVEX-2023-314
         </main>
         <footer class="site-footer">
 <p class="buildinfo">
-  <time datetime="2024-06-02 16:35:08 PDT">Site built on: 2024-06-02 16:35:08 PDT</time>
+  <time datetime="2024-06-02 16:42:18 PDT">Site built on: 2024-06-02 16:42:18 PDT</time>
 </p>
 <div class="copyright">
   <p></p>
   <nav class="navbar">
     <ul class="navbar__list">
-      <li><a href="//localhost:1313/posts/index.xml">RSS</a></li>
-      <li><a href="//localhost:1313/sitemap.xml">Sitemap</a></li>
+      <li><a href="http://localhost:1313/posts/index.xml">RSS</a></li>
+      <li><a href="http://localhost:1313/sitemap.xml">Sitemap</a></li>
     </ul>
   </nav>
 </div>

diff --git a/public/categories/index.html b/public/categories/index.html
@@ -7,12 +7,12 @@
 <meta name="description" content="" />
 <meta name="keywords" content="" />
 <meta name="robots" content="noodp" />
-<link rel="canonical" href="//localhost:1313/categories/" />
+<link rel="canonical" href="http://localhost:1313/categories/" />
 <meta property="og:locale" content="en" />
 <meta property="og:title" content="Categories :: Common Vulneravilities and Exposures with Exploits" />
 <meta property="og:description" content="" />
   <meta property="og:type" content="website" />
-<meta property="og:url" content="//localhost:1313/categories/" />
+<meta property="og:url" content="http://localhost:1313/categories/" />
 <meta property="og:site_name" content="Common Vulneravilities and Exposures with Exploits" />
 <meta property="og:image" content="" />
 <meta property="og:image:width" content="2048" />
@@ -28,7 +28,7 @@
   rel="stylesheet"
 />
 <link href="../categories/" rel="alternate" type="application/rss+xml" title="Common Vulneravilities and Exposures with Exploits" />
-<link rel="stylesheet" href="//localhost:1313/styles.css" />
+<link rel="stylesheet" href="http://localhost:1313/styles.css" />
 </head>
 
   <body>
@@ -38,7 +38,7 @@
 <nav class="navbar">
   <div class="navbar__first">
     <ul class="navbar__list borders">
-      <li><a href="//localhost:1313/">Home</a></li>
+      <li><a href="http://localhost:1313/">Home</a></li>
       <li><a href="../research/">Statement</a></li>
       <li><a href="../directoryv1/">CVEX 1.0 Directory</a></li>
       <li><a href="../directoryv2/">CVEX 2.0 Directory</a></li>
@@ -71,14 +71,14 @@ <h1 class="post-title">
         </main>
         <footer class="site-footer">
 <p class="buildinfo">
-  <time datetime="2024-06-02 16:35:08 PDT">Site built on: 2024-06-02 16:35:08 PDT</time>
+  <time datetime="2024-06-02 16:42:18 PDT">Site built on: 2024-06-02 16:42:18 PDT</time>
 </p>
 <div class="copyright">
   <p></p>
   <nav class="navbar">
     <ul class="navbar__list">
-      <li><a href="//localhost:1313/posts/index.xml">RSS</a></li>
-      <li><a href="//localhost:1313/sitemap.xml">Sitemap</a></li>
+      <li><a href="http://localhost:1313/posts/index.xml">RSS</a></li>
+      <li><a href="http://localhost:1313/sitemap.xml">Sitemap</a></li>
     </ul>
   </nav>
 </div>