You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Run cd /home/we45/container_training/Container/Container-Vulnerability-Assessment/Dagda to cd into a Dagda directory.
root@we45:~# cd /home/we45/container_training/Container/Container-Vulnerability-Assessment/Dagda
root@we45:~/container_training/Container/Container-Vulnerability-Assessment/Dagda#
Step 3:
Run docker run -d -p 27017:27017 -v dagda_db:/data/db --name mongodb mongo for dagda related requisites.
Run cd /home/we45/container_training/Container/Container-Vulnerability-Assessment/Dagda/dagda/dagda, where dagda.py file exists.
(venv)root@we45:~# cd /home/we45/container_training/Container/Container-Vulnerability-Assessment/Dagda/dagda/dagda
(venv)root@we45:~/container_training/Container/Container-Vulnerability-Assessment/Dagda/dagda/dagda#
Step 7:
Run python3 dagda.py start to start the dagda server
Open Another Tab and navigate to /home/we45/container_training/Container/Container-Vulnerability-Assessment/Dagda/ and set the necessary environment variables
root@we45:~# cd /home/we45/container_training/Container/Container-Vulnerability-Assessment/Dagda/
root@we45:~/container_training/Container/Container-Vulnerability-Assessment/Dagda#
Step 9:
Run source venv/bin/activate to activate the virtualenv.
Run cd /home/we45/container_training/Container/Container-Vulnerability-Assessment/Dagda/dagda/dagda, where dagda.py file exists.
(venv)root@we45:~# cd /home/we45/container_training/Container/Container-Vulnerability-Assessment/Dagda/dagda/dagda
(venv)root@we45:~/container_training/Container/Container-Vulnerability-Assessment/Dagda/dagda/dagda#
Step 11:
Run python3 dagda.py vuln --cve_info CVE-2009-2890
(venv)root@we45:~/container_training/Container/Container-Vulnerability-Assessment/Dagda/dagda/dagda# python3 dagda.py vuln --cve_info CVE-2009-2890
[
{
"cveid": "CVE-2009-2890",
"cvss_access_complexity": "Medium",
"cvss_access_vector": "Network",
"cvss_authentication": "None required",
"cvss_availability_impact": "None",
"cvss_base": 4.3,
"cvss_confidentiality_impact": "None",
"cvss_exploit": 8.6,
"cvss_impact": 2.9,
"cvss_integrity_impact": "Partial",
"cvss_vector": [
"AV:N",
"AC:M",
"Au:N",
"C:N",
"I:P",
"A:N"
],
"cweid": "CWE-79",
"mod_date": "16-08-2017",
"pub_date": "20-08-2009",
"summary": "Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter."
}
]