0.3.2.4

CHANGELOG.md

@@ -1,5 +1,19 @@
 ## 更新日志
 
+### v0.3.2.4
+
+更新时间：2021-06-11
+
+- 更新3个漏洞镜像。
+- 新增官网域名 `vulfocus.io`、`vulfocus.club`
+- 新增漏洞镜像规范。
+- 新增一键更新官方镜像信息功能。
+- 新增 Rank、漏洞类型筛选功能。
+- 修改创建计时模式页面。
+- 修复页面缩放留白问题。[#156](https://github.com/fofapro/vulfocus/issues/156)
+- 修复启动计时模式后首页可以搜索查询到不在计时模式中的镜像的Bug。
+- 修复积分排行榜无法区分多个相同时间的计时模式问题。
+
 ### v0.3.2.3
 
 更新时间：2021-06-05

Vulfous-standard.md

@@ -0,0 +1,105 @@
+# Vulfocus 环境信息规范
+
+未解决 Vulfocus 漏洞环境相关命名不一致问题，现在通过该方案来解决问题。另外，依据约束力强弱及故障敏感性，规约依次分为【重要】、【强制】、【推荐】、【参考】四大类。在延伸信息中，“说明”对规约做了适当扩展和解释; “正例”提倡什么样的编码和实现方式；“反例”说明需要提防的雷区，以及真实的错误案例。
+
+
+| 版本号 | 制定团队      | 修改/制定人 | 更新时间   | 备注                           |
+| ------ | ------------- | ----------- | ---------- | ------------------------------ |
+| 1.0.0  | Vulfocus 团队 | r4v3zn      | 2021-06-09 | 首次发布 Vulfocus 环境信息规范 |
+
+
+## 漏洞名称
+
+1. **【重要】**漏洞名称命名规则：系统名称+漏洞类型+（漏洞编号）。
+
+正例：
+
+```
+Weblogic 远程命令执行（CVE-2020-2883）
+Tomcat 文件包含（CVE-2020-1938）
+Tomcat 任意写入文件漏洞（CVE-2017-12615）
+```
+
+2. **【重要】**英文与中文之间必须通过“空格”分割。
+
+正例：
+
+```
+Weblogic 远程命令执行（CVE-2020-2883）
+```
+
+反例：
+
+```
+Weblogic远程命令执行（CVE-2020-2883）
+```
+
+3. **【强制】**漏洞编号中的括号必须为`（）`中文括号。
+
+## 漏洞描述
+
+1. **【重要】**漏洞描述规则：产品简介+（换行）+漏洞细节（如没有漏洞细节用漏洞危害替代）+（换行）+备注（描述环境的特殊信息如登陆信息或这特殊URL等内容）三部分组成，描述完毕一段内容时必须换行。
+
+正例：
+
+```
+DokuWiki是德国软件开发者Andreas Gohr所研发的一款基于PHP的Wiki引擎，它主要用于中小团队和个人网站知识库的管理，并提供版本控制、全文检索和权限控制等功能。
+DokuWiki 2016-06-26a及之前的版本中的/inc/HTTPClient.php文件中的HTTPClient Class中的‘sendRequest’方法存在跨站请求伪造漏洞，该漏洞源于程序未能限制对专用网络的访问。攻击者可通过SSRF利用该漏洞扫描内部网络端口，例如：10.0.0.1/8，172.16.0.0/12，192.168.0.0/16。
+
+Freefloat FTP Server是瑞典Freefloat公司的一套免费的用于上传文件和管理有线及无线设备的软件。
+FreeFloat FTP Server 1.0版本中存在缓冲区溢出漏洞。远程攻击者可借助RMD命令中的长字符串利用该漏洞执行任意代码。
+```
+
+2. **【重要】**产品简介必须单独写一段，禁止使用夸张的语言描述漏洞简介。
+
+正例：
+
+```
+DokuWiki是德国软件开发者 Andreas Gohr 所研发的一款基于 PHP 的 Wiki 引擎，它主要用于中小团队和个人网站知识库的管理，并提供版本控制、全文检索和权限控制等功能。
+Freefloat FTP Server是瑞典Freefloat公司的一套免费的用于上传文件和管理有线及无线设备的软件。
+```
+
+反例：
+
+```
+海洋CMS又名SEACMS，完全开源免费，自适应电脑、手机、平板、APP多终端，无加密、更安全，是您最佳的建站工具!
+ThinkCMF是一款支持Swoole的开源内容管理框架(CMF)，基于ThinkPHP开发,我们一直秉承ThinkPHP大道至简的理念，坚持做最简约的ThinkPHP开源软件,多应用化开发方式,让您更快地完成自己的创业项目！
+```
+
+## 漏洞分类
+
+1. **【重要】**漏洞分类必须根据漏洞实际类型进行选择。
+
+## Rank
+
+1. **【重要】** Rank 值最高为5分。
+2. **【重要】**Rank 必须根据漏洞实际类型以及漏洞利用复杂度评判。漏洞类型最高占比3分，漏洞复杂度占2分。详细规则如下：
+
+漏洞分类：
+
+| 漏洞类型   | 分值 |
+| ---------- | ---- |
+| 命令执行   | 1.0  |
+| 代码执行   | 1.0  |
+| 文件写入   | 1.5  |
+| 文件上传   | 1.5  |
+| 后门       | 1.5  |
+| 默认口令   | 2.0  |
+| 弱口令     | 2.0  |
+| 权限绕过   | 2.5  |
+| 未授权访问 | 1.5  |
+| XXE 漏洞   | 3.0  |
+| SQL 注入   | 3.0  |
+| 文件读取   | 1.0  |
+| 文件下载   | 1.0  |
+| 文件包含   | 1.0  |
+| 目录遍历   | 1.0  |
+
+漏洞复杂度：
+
+| 复杂度 | 权限要求 | 用户交互 | 分值 |
+| ------ | -------- | -------- | ---- |
+| 低     | 无       | 不需要   | 1.0  |
+| 中     | 无       | 需要     | 1.5  |
+| 高     | 有       | 需要     | 2.0  |
+

_sidebar.md

@@ -1,5 +1,6 @@
 * [Vulfocus]()
 * [安装](INSTALL.md)
+* [漏洞镜像规范](_sidebar.md)
 
 * Writeup
 

dist/index.html

@@ -1,2 +1,2 @@
-<!DOCTYPE html><html><head><meta charset=utf-8><meta http-equiv=X-UA-Compatible content="IE=edge,chrome=1"><meta name=viewport content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no"><link rel=icon href=/favicon.ico><title>vulfocus</title><link href=/static/css/chunk-elementUI.b80cec6e.css rel=stylesheet><link href=/static/css/chunk-libs.39c2b454.css rel=stylesheet><link href=/static/css/app.56499025.css rel=stylesheet></head><body><noscript><strong>We're sorry but vulfocus doesn't work properly without JavaScript enabled. Please enable it to continue.</strong></noscript><div id=app></div><script src=/static/js/chunk-elementUI.d9f8bd98.js></script><script src=/static/js/chunk-libs.9daa45ff.js></script><script>(function(e){function n(n){for(var c,r,f=n[0],o=n[1],h=n[2],d=0,i=[];d<f.length;d++)r=f[d],u[r]&&i.push(u[r][0]),u[r]=0;for(c in o)Object.prototype.hasOwnProperty.call(o,c)&&(e[c]=o[c]);l&&l(n);while(i.length)i.shift()();return a.push.apply(a,h||[]),t()}function t(){for(var e,n=0;n<a.length;n++){for(var t=a[n],c=!0,r=1;r<t.length;r++){var f=t[r];0!==u[f]&&(c=!1)}c&&(a.splice(n--,1),e=o(o.s=t[0]))}return e}var c={},r={runtime:0},u={runtime:0},a=[];function f(e){return o.p+"static/js/"+({}[e]||e)+"."+{"chunk-01170188":"b38bff8f","chunk-29c81979":"86b80f90","chunk-06a255f6":"e4b78637","chunk-245f84f9":"a61882d8","chunk-2d0a4bac":"eb7228fb","chunk-2d0bb1fd":"e2cfc754","chunk-3a34416c":"3481391d","chunk-433502ae":"e08470c2","chunk-4de1c2b6":"68deb3f0","chunk-531b1983":"e944b879","chunk-63140e38":"ee106b64","chunk-6e9243ef":"ab4f456d","chunk-74c522f5":"2f989778","chunk-9690b800":"946f0763","chunk-aa997be4":"21f4d7a0","chunk-b7fe23c0":"42f1cd69","chunk-dc51e700":"c99dd047","chunk-26d3c488":"34d5ae68","chunk-eeb0b196":"1fce508f"}[e]+".js"}function o(n){if(c[n])return c[n].exports;var t=c[n]={i:n,l:!1,exports:{}};return e[n].call(t.exports,t,t.exports,o),t.l=!0,t.exports}o.e=function(e){var n=[],t={"chunk-29c81979":1,"chunk-06a255f6":1,"chunk-245f84f9":1,"chunk-3a34416c":1,"chunk-433502ae":1,"chunk-4de1c2b6":1,"chunk-74c522f5":1,"chunk-aa997be4":1,"chunk-b7fe23c0":1,"chunk-26d3c488":1};r[e]?n.push(r[e]):0!==r[e]&&t[e]&&n.push(r[e]=new Promise((function(n,t){for(var c="static/css/"+({}[e]||e)+"."+{"chunk-01170188":"31d6cfe0","chunk-29c81979":"5806e59f","chunk-06a255f6":"0a23c0c3","chunk-245f84f9":"22b3582c","chunk-2d0a4bac":"31d6cfe0","chunk-2d0bb1fd":"31d6cfe0","chunk-3a34416c":"69a4d86b","chunk-433502ae":"52caa040","chunk-4de1c2b6":"a37cd815","chunk-531b1983":"31d6cfe0","chunk-63140e38":"31d6cfe0","chunk-6e9243ef":"31d6cfe0","chunk-74c522f5":"3375552b","chunk-9690b800":"31d6cfe0","chunk-aa997be4":"d6a08db3","chunk-b7fe23c0":"e22f3f54","chunk-dc51e700":"31d6cfe0","chunk-26d3c488":"c9e5910f","chunk-eeb0b196":"31d6cfe0"}[e]+".css",u=o.p+c,a=document.getElementsByTagName("link"),f=0;f<a.length;f++){var h=a[f],d=h.getAttribute("data-href")||h.getAttribute("href");if("stylesheet"===h.rel&&(d===c||d===u))return n()}var i=document.getElementsByTagName("style");for(f=0;f<i.length;f++){h=i[f],d=h.getAttribute("data-href");if(d===c||d===u)return n()}var l=document.createElement("link");l.rel="stylesheet",l.type="text/css",l.onload=n,l.onerror=function(n){var c=n&&n.target&&n.target.src||u,a=new Error("Loading CSS chunk "+e+" failed.\n("+c+")");a.code="CSS_CHUNK_LOAD_FAILED",a.request=c,delete r[e],l.parentNode.removeChild(l),t(a)},l.href=u;var s=document.getElementsByTagName("head")[0];s.appendChild(l)})).then((function(){r[e]=0})));var c=u[e];if(0!==c)if(c)n.push(c[2]);else{var a=new Promise((function(n,t){c=u[e]=[n,t]}));n.push(c[2]=a);var h,d=document.createElement("script");d.charset="utf-8",d.timeout=120,o.nc&&d.setAttribute("nonce",o.nc),d.src=f(e),h=function(n){d.onerror=d.onload=null,clearTimeout(i);var t=u[e];if(0!==t){if(t){var c=n&&("load"===n.type?"missing":n.type),r=n&&n.target&&n.target.src,a=new Error("Loading chunk "+e+" failed.\n("+c+": "+r+")");a.type=c,a.request=r,t[1](a)}u[e]=void 0}};var i=setTimeout((function(){h({type:"timeout",target:d})}),12e4);d.onerror=d.onload=h,document.head.appendChild(d)}return Promise.all(n)},o.m=e,o.c=c,o.d=function(e,n,t){o.o(e,n)||Object.defineProperty(e,n,{enumerable:!0,get:t})},o.r=function(e){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},o.t=function(e,n){if(1&n&&(e=o(e)),8&n)return e;if(4&n&&"object"===typeof e&&e&&e.__esModule)return e;var t=Object.create(null);if(o.r(t),Object.defineProperty(t,"default",{enumerable:!0,value:e}),2&n&&"string"!=typeof e)for(var c in e)o.d(t,c,function(n){return e[n]}.bind(null,c));return t},o.n=function(e){var n=e&&e.__esModule?function(){return e["default"]}:function(){return e};return o.d(n,"a",n),n},o.o=function(e,n){return Object.prototype.hasOwnProperty.call(e,n)},o.p="/",o.oe=function(e){throw console.error(e),e};var h=window["webpackJsonp"]=window["webpackJsonp"]||[],d=h.push.bind(h);h.push=n,h=h.slice();for(var i=0;i<h.length;i++)n(h[i]);var l=d;t()})([]);
-//# sourceMappingURL=runtime.6a577ad9.js.map</script><script src=/static/js/app.21821bb9.js></script></body></html>
+<!DOCTYPE html><html><head><meta charset=utf-8><meta http-equiv=X-UA-Compatible content="IE=edge,chrome=1"><meta name=viewport content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no"><link rel=icon href=/favicon.ico><title>vulfocus</title><link href=/static/css/chunk-elementUI.b80cec6e.css rel=stylesheet><link href=/static/css/chunk-libs.39c2b454.css rel=stylesheet><link href=/static/css/app.56499025.css rel=stylesheet></head><body><noscript><strong>We're sorry but vulfocus doesn't work properly without JavaScript enabled. Please enable it to continue.</strong></noscript><div id=app></div><script src=/static/js/chunk-elementUI.7d023ba2.js></script><script src=/static/js/chunk-libs.1893f287.js></script><script>(function(e){function n(n){for(var t,r,f=n[0],d=n[1],o=n[2],h=0,i=[];h<f.length;h++)r=f[h],u[r]&&i.push(u[r][0]),u[r]=0;for(t in d)Object.prototype.hasOwnProperty.call(d,t)&&(e[t]=d[t]);l&&l(n);while(i.length)i.shift()();return a.push.apply(a,o||[]),c()}function c(){for(var e,n=0;n<a.length;n++){for(var c=a[n],t=!0,r=1;r<c.length;r++){var f=c[r];0!==u[f]&&(t=!1)}t&&(a.splice(n--,1),e=d(d.s=c[0]))}return e}var t={},r={runtime:0},u={runtime:0},a=[];function f(e){return d.p+"static/js/"+({}[e]||e)+"."+{"chunk-0cd7d520":"f0434681","chunk-0df3f983":"e7b89bbf","chunk-0e8d4d27":"28b87cf3","chunk-1fa5bbef":"b82e92f6","chunk-211f12c0":"e1c6a4f0","chunk-238ae7cc":"fdac7e7e","chunk-24dac6a8":"0bb5c079","chunk-2d0a4bac":"eaa5899f","chunk-2d0bb1fd":"122ddcfe","chunk-325eb7df":"c0b373c1","chunk-454f3ad1":"af65855c","chunk-531b1983":"894720c3","chunk-7cd7f22e":"2f7eefe7","chunk-90ea5208":"cf3382d1","chunk-91a1946c":"36426875","chunk-c102abac":"e65ad097","chunk-de064526":"224ae828","chunk-3626b8c4":"4ea80d00","chunk-3709a07f":"e45ce96e"}[e]+".js"}function d(n){if(t[n])return t[n].exports;var c=t[n]={i:n,l:!1,exports:{}};return e[n].call(c.exports,c,c.exports,d),c.l=!0,c.exports}d.e=function(e){var n=[],c={"chunk-0cd7d520":1,"chunk-1fa5bbef":1,"chunk-211f12c0":1,"chunk-238ae7cc":1,"chunk-24dac6a8":1,"chunk-454f3ad1":1,"chunk-91a1946c":1,"chunk-c102abac":1,"chunk-de064526":1,"chunk-3626b8c4":1};r[e]?n.push(r[e]):0!==r[e]&&c[e]&&n.push(r[e]=new Promise((function(n,c){for(var t="static/css/"+({}[e]||e)+"."+{"chunk-0cd7d520":"5085f1a4","chunk-0df3f983":"31d6cfe0","chunk-0e8d4d27":"31d6cfe0","chunk-1fa5bbef":"0bfd3b40","chunk-211f12c0":"d6edd1b6","chunk-238ae7cc":"a37cd815","chunk-24dac6a8":"3df8d61f","chunk-2d0a4bac":"31d6cfe0","chunk-2d0bb1fd":"31d6cfe0","chunk-325eb7df":"31d6cfe0","chunk-454f3ad1":"3375552b","chunk-531b1983":"31d6cfe0","chunk-7cd7f22e":"31d6cfe0","chunk-90ea5208":"31d6cfe0","chunk-91a1946c":"f00782aa","chunk-c102abac":"2dd3fa74","chunk-de064526":"21fd7799","chunk-3626b8c4":"bd1e1f98","chunk-3709a07f":"31d6cfe0"}[e]+".css",u=d.p+t,a=document.getElementsByTagName("link"),f=0;f<a.length;f++){var o=a[f],h=o.getAttribute("data-href")||o.getAttribute("href");if("stylesheet"===o.rel&&(h===t||h===u))return n()}var i=document.getElementsByTagName("style");for(f=0;f<i.length;f++){o=i[f],h=o.getAttribute("data-href");if(h===t||h===u)return n()}var l=document.createElement("link");l.rel="stylesheet",l.type="text/css",l.onload=n,l.onerror=function(n){var t=n&&n.target&&n.target.src||u,a=new Error("Loading CSS chunk "+e+" failed.\n("+t+")");a.code="CSS_CHUNK_LOAD_FAILED",a.request=t,delete r[e],l.parentNode.removeChild(l),c(a)},l.href=u;var s=document.getElementsByTagName("head")[0];s.appendChild(l)})).then((function(){r[e]=0})));var t=u[e];if(0!==t)if(t)n.push(t[2]);else{var a=new Promise((function(n,c){t=u[e]=[n,c]}));n.push(t[2]=a);var o,h=document.createElement("script");h.charset="utf-8",h.timeout=120,d.nc&&h.setAttribute("nonce",d.nc),h.src=f(e),o=function(n){h.onerror=h.onload=null,clearTimeout(i);var c=u[e];if(0!==c){if(c){var t=n&&("load"===n.type?"missing":n.type),r=n&&n.target&&n.target.src,a=new Error("Loading chunk "+e+" failed.\n("+t+": "+r+")");a.type=t,a.request=r,c[1](a)}u[e]=void 0}};var i=setTimeout((function(){o({type:"timeout",target:h})}),12e4);h.onerror=h.onload=o,document.head.appendChild(h)}return Promise.all(n)},d.m=e,d.c=t,d.d=function(e,n,c){d.o(e,n)||Object.defineProperty(e,n,{enumerable:!0,get:c})},d.r=function(e){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},d.t=function(e,n){if(1&n&&(e=d(e)),8&n)return e;if(4&n&&"object"===typeof e&&e&&e.__esModule)return e;var c=Object.create(null);if(d.r(c),Object.defineProperty(c,"default",{enumerable:!0,value:e}),2&n&&"string"!=typeof e)for(var t in e)d.d(c,t,function(n){return e[n]}.bind(null,t));return c},d.n=function(e){var n=e&&e.__esModule?function(){return e["default"]}:function(){return e};return d.d(n,"a",n),n},d.o=function(e,n){return Object.prototype.hasOwnProperty.call(e,n)},d.p="/",d.oe=function(e){throw console.error(e),e};var o=window["webpackJsonp"]=window["webpackJsonp"]||[],h=o.push.bind(o);o.push=n,o=o.slice();for(var i=0;i<o.length;i++)n(o[i]);var l=h;c()})([]);
+//# sourceMappingURL=runtime.f77869b3.js.map</script><script src=/static/js/app.387ce4e5.js></script></body></html>