update monkeytype coordinated disclosure

obsrva · Sep 9, 2021 · 24264e3 · 24264e3
1 parent 60c03e3
commit 24264e3
Show file tree

Hide file tree

Showing 16 changed files with 70 additions and 178 deletions.
diff --git a/README.md b/README.md
@@ -15,8 +15,8 @@ Obsrva engages vendors of hardware, software, and internet-based services in coo
 ## Vulnerability Advisories  
 Obsrva coordinates with product vendors to publish vulnerability advisories on obsrva.org/advisories. Advisories allow customers, blue and red team operators, and the broader research community to access technical details and research methodology.  
 
-1.  [CVE-2021-3441](/about/2021/08/22/CVE-2021-3441.html)
-2.  [CVE-2021-35956](/about/2021/06/06/CVE-2021-35956.html)
+1.  [CVE-2021-3441](/2021/08/22/CVE-2021-3441.html)
+2.  [CVE-2021-35956](/2021/06/06/CVE-2021-35956.html)
 
 ## Proof of Concept Exploits  
 Obsrva develops proof of concept exploits for discovered vulnerabilities and publishes them on the exploit database (exploit-db.com). PoC’s can also be found on GitHub where PR’s are welcome for the community to collaborate. 

diff --git a/_includes/components/banner.html b/_includes/components/banner.html
@@ -22,7 +22,7 @@
               <br/>
               Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields.
             </p>
-            <a href="/about/2021/06/06/CVE-2021-35956.html"><button type="button" class="btn btn-dark btn-sm">Read More</button></a>
+            <a href="/2021/06/06/CVE-2021-35956.html"><button type="button" class="btn btn-dark btn-sm">Read More</button></a>
           </div>
         </div>
         <div class="usa-banner__guidance tablet:grid-col-6">
@@ -33,7 +33,7 @@
               <br/>
               Stored cross-site scripting (XSS) in the embedded webserver of certain HP OfficeJet Printers—including the 4630  e-All-in-One Printer and 7110 Wide Format ePrinter— enables remote unauthenticated attackers to introduce arbitrary JavaScript via the printer name and printer location fields.
             </p>
-            <a href="/about/2021/08/22/CVE-2021-3441.html"><button type="button" class="btn btn-dark btn-sm">Read More</button></a>
+            <a href="/2021/08/22/CVE-2021-3441.html"><button type="button" class="btn btn-dark btn-sm">Read More</button></a>
           </div>
         </div>
       </div>

diff --git a/_layouts/default.html b/_layouts/default.html
@@ -78,7 +78,7 @@ <h2 class="accordion-header" id="headingOne">
                   <p><strong>Overview:</strong> Stored cross-site scripting (XSS) in the embedded webserver of certain HP OfficeJet Printers—including the 4630 e-All-in-One Printer and 7110 Wide Format ePrinter— enables remote unauthenticated attackers to introduce arbitrary JavaScript via the <code>printer name</code> and <code>printer location</code> fields.</p>
                   <p> <strong>Credit: </strong> Tyler Butler</p>
                   <p> <strong>Disclosure Date: </strong>2021-08-22</p>
-                  <p><strong> Advisory Link: </strong> <a href="/about/2021/08/22/CVE-2021-3441.html">CVE-2021-3441</a></p>
+                  <p><strong> Advisory Link: </strong> <a href="/2021/08/22/CVE-2021-3441.html">CVE-2021-3441</a></p>
                 </div>
               </div>
             </div>
@@ -94,7 +94,7 @@ <h2 class="accordion-header" id="headingTwo">
                   <p><strong>Overview:</strong> Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the <code>Sensor Description</code>, <code>Email (from/to/cc)</code>, <code>System Name</code>, and <code>System Location</code> fields.</p>
                   <p> <strong>Credit: </strong> Tyler Butler</p>
                   <p> <strong>Disclosure Date: </strong> 2021-06-06</p>
-                  <p><strong> Advisory Link: </strong> <a href="/about/2021/06/06/CVE-2021-35956.html">CVE-2021-35956</a></p>
+                  <p><strong> Advisory Link: </strong> <a href="/2021/06/06/CVE-2021-35956.html">CVE-2021-35956</a></p>
                 </div>
               </div>
             </div>
@@ -142,7 +142,7 @@ <h5 class="card-title"><a href="{{post.url}}" style="color:black;text-decoration
                   <a href="{{post.exploit_db}}"><i class="fas fa-book-dead"></i></a>
                   {% endif %} -->
                   <p class="card-text">{{post.date | date: "%b %d, %Y"}} —{{post.lead}}</p>
-                  <p class="card-text"><div class="avatar"></div>
+                  <a href="/team#tyler_butler"><p class="card-text"><div class="avatar"></div></a>
                 </div>
             </a>
           </div>

diff --git a/_layouts/page.html b/_layouts/page.html
@@ -14,8 +14,8 @@
         </div>
       {% endif %}
 
-      <main class="usa-layout-docs usa-layout-docs__main usa-prose{% if sidenav %} desktop:grid-col-9{% endif %}" id="main-content">
-          <div class="card mb-3 border-0" style="width: 100%;">
+      <main class="usa-layout-docs usa-layout-docs__main usa-prose{% if sidenav %} desktop:grid-col-9{% endif %}" id="main-content" style="font-family: Verdana;">
+          <!-- <div class="card mb-3 border-0" style="width: 100%;">
             <div class="row g-0">
               <div class="col-md-4">
                 <img src="{{page.img}}" class="img-fluid rounded-start" alt="...">
@@ -31,7 +31,7 @@ <h2 class="card-title"><a href="{{page.url}}" style="color:black;text-decoration
                 </div>
               </div>
             </div>
-          </div>
+          </div> -->
         {{ content }}
       </main>
     </div>

diff --git a/_posts/2021-03-05-2021-PHP-TimeClock-SQLi-POC.md b/_posts/2021-03-05-2021-PHP-TimeClock-SQLi-POC.md
@@ -2,7 +2,7 @@
 layout: cve
 title:  "PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection"
 date: 2021-08-22 09:34:43 -0400
-categories: "About"
+categories: 
 author: Tyler Butler
 description: Proof of concept exploit for PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection
 lead: Proof of concept exploit for PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection

diff --git a/_posts/2021-03-05-2021-PHP-TimeClock-XSS-POC.md b/_posts/2021-03-05-2021-PHP-TimeClock-XSS-POC.md
@@ -2,7 +2,7 @@
 layout: cve
 title:  "PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)"
 date: 2021-08-22 09:34:43 -0400
-categories: "About"
+categories: 
 author: Tyler Butler
 description: Proof of concept exploit for PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)
 lead: Proof of concept exploit for PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)

diff --git a/_posts/2021-06-06-CVE-2021-35956.md b/_posts/2021-06-06-CVE-2021-35956.md
@@ -2,7 +2,7 @@
 layout: cve
 title:  "AKCP sensorProbe - 'Multiple' Cross Site Scripting (XSS)"
 date: 2021-06-06 09:34:43 -0400
-categories: "About"
+categories: 
 author: Tyler Butler
 cve: CVE-2021-35956 
 nist: https://nvd.nist.gov/vuln/detail/CVE-2021-35956

diff --git a/_posts/2021-07-01-2021-AKCP-SensorProbe-XSS-POC.md b/_posts/2021-07-01-2021-AKCP-SensorProbe-XSS-POC.md
@@ -2,7 +2,7 @@
 layout: cve
 title:  "AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting (XSS)"
 date: 2021-08-22 09:34:43 -0400
-categories: "About"
+categories: 
 author: Tyler Butler
 description: Proof of concept exploit for AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting (XSS)
 lead: Proof of concept exploit for AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting (XSS)

diff --git a/_posts/2021-08-22-CVE-2021-3441-POC.md b/_posts/2021-08-22-CVE-2021-3441-POC.md
@@ -2,13 +2,13 @@
 layout: cve
 title:  "CVE-2021-3441 Proof of Concept Exploit"
 date: 2021-08-22 09:34:43 -0400
-categories: "About"
+categories: 
 author: Tyler Butler
 description: Proof of concept exploit for CVE-2021-3441- HP OfficeJet 4630 Unauthenticated Stored Cross-Site Scripting (XSS)
 lead: Proof of concept exploit for CVE-2021-3441- HP OfficeJet 4630 Unauthenticated Stored Cross-Site Scripting (XSS)
 tag: poc 
 language: python
-advisory: /about/2021/08/22/CVE-2021-3441.html
+advisory: /2021/08/22/CVE-2021-3441.html
 
 hero:
   image: /assets/uswds/img/camera.png

diff --git a/_posts/2021-08-22-CVE-2021-3441.md b/_posts/2021-08-22-CVE-2021-3441.md
@@ -6,7 +6,7 @@ cve: CVE-2021-3441
 nist: https://nvd.nist.gov/vuln/detail/CVE-2021-3441
 exploit_db: https://www.exploit-db.com/exploits/50227
 img: /assets/img/posts/2021-08-22-CVE-2021-3441/hp_preview.png
-categories: "About"
+categories: 
 author: Tyler Butler
 description: Stored cross-site scripting (XSS) in the embedded webserver of certain HP OfficeJet Printers—including the 4630 e-All-in-One Printer and 7110 Wide Format ePrinter— enables remote unauthenticated attackers to introduce arbitrary JavaScript via the printer name and printer location fields.
 lead: Stored cross-site scripting (XSS) in the embedded webserver of certain HP OfficeJet Printers—including the 4630 e-All-in-One Printer and 7110 Wide Format ePrinter— enables remote unauthenticated attackers to introduce arbitrary JavaScript via the printer name and printer location fields.

diff --git a/_posts/2021-08-22-MONKEYTYPE-Disclosure.md b/_posts/2021-08-22-MONKEYTYPE-Disclosure.md