Skip to content

Instantly share code, notes, and snippets.

@slayerlab

slayerlab/exploit-db.c

Created July 13, 2016 21:16
Show Gist options
  • Save slayerlab/21957d79e467a2c45dfcc0e6963e0441 to your computer and use it in GitHub Desktop.
Save slayerlab/21957d79e467a2c45dfcc0e6963e0441 to your computer and use it in GitHub Desktop.
Download ZIP
exploit-db rss reader - education purpose
Raw
exploit-db.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <libxml/xmlmemory.h>
#include <libxml/parser.h>
typedef struct
{
xmlChar *name; /* exploit title */
xmlChar *link; /* exploit link */
xmlChar *description; /* exploit description */
xmlChar *category; /* exploit category */
xmlChar *pubDate; /* exploit pubDate */
xmlChar *guid; /* exploit ID */
} __xcis_t, *__xci_tp; /* type safe use in userspace */
static __xci_tp parse_exploit(xmlDocPtr doc, xmlNodePtr cur)
{
__xci_tp ret;
ret = (__xci_tp)malloc(sizeof(__xcis_t));
if (!ret) {
puts("[!] The \'item struct\' allocation has been failed.");
exit(EXIT_FAILURE);
}
memset(ret, 0, sizeof(__xcis_t));
cur = cur->xmlChildrenNode;
do {
if (!ret->name) {
if (!xmlStrcmp(cur->name, (const xmlChar *)"title")) {
ret->name = xmlNodeListGetString(doc, cur->xmlChildrenNode, 1);
printf("%s\n", ret->name);
}
}
if (!ret->link) {
if (!xmlStrcmp(cur->name, (const xmlChar *)"link")) {
ret->link = xmlNodeListGetString(doc, cur->xmlChildrenNode, 1);
printf("%s\n", ret->link);
}
}
if (!ret->description) {
if (!xmlStrcmp(cur->name, (const xmlChar *)"description")) {
ret->description = xmlNodeListGetString(doc, cur->xmlChildrenNode, 1);
printf("%s\n", ret->description);
}
}
if (!ret->category) {
if (!xmlStrcmp(cur->name, (const xmlChar *)"category")) {
ret->category = xmlNodeListGetString(doc, cur->xmlChildrenNode, 1);
printf("%s\n", ret->category);
}
}
if (!ret->pubDate) {
if (!xmlStrcmp(cur->name, (const xmlChar *)"pubDate")) {
ret->pubDate = xmlNodeListGetString(doc, cur->xmlChildrenNode, 1);
}
}
if (!ret->guid) {
if (!xmlStrcmp(cur->name, (const xmlChar *)"guid")) {
ret->guid = xmlNodeListGetString(doc, cur->xmlChildrenNode, 1);
}
}
cur = cur->next;
} while(cur);
return ret;
}
typedef struct
{
xmlChar *title;
xmlChar *link;
xmlChar *atom_link;
xmlChar *language;
xmlChar *description;
xmlChar *pub_date;
xmlChar *last_build_date;
__xci_tp channel;
} __chns_t, *__chntp;
static __chntp parse_title(xmlDocPtr doc, xmlNodePtr cur)
{
__chntp ret;
ret = (__chntp)malloc(sizeof(__chns_t));
if (!ret) {
puts("[!] The \'struct channel\' allocation has been failed.");
exit(EXIT_FAILURE);
}
memset(ret, 0, sizeof(__chns_t));
cur = cur->xmlChildrenNode;
do {
if (!ret->title) {
if (!xmlStrcmp(cur->name, (const xmlChar *)"title")) {
ret->title = xmlNodeListGetString(doc, cur->xmlChildrenNode, 1);
printf("%s\n", ret->title);
}
}
if (!ret->link) {
if (!xmlStrcmp(cur->name, (const xmlChar *)"link")) {
ret->link = xmlNodeListGetString(doc, cur->xmlChildrenNode, 1);
printf("%s\n", ret->link);
}
}
if (!ret->atom_link) {
if (!xmlStrcmp(cur->name, (const xmlChar *)"link")) {
ret->atom_link = xmlGetProp(cur, (const xmlChar *)"href");
if (ret->atom_link) {
printf("%s\n", ret->atom_link);
}
}
}
if (!ret->language) {
if (!xmlStrcmp(cur->name, (const xmlChar *)"language")) {
ret->language = xmlNodeListGetString(doc, cur->xmlChildrenNode, 1);
printf("%s\n", ret->language);
}
}
if (!ret->description) {
if (!xmlStrcmp(cur->name, (const xmlChar *)"description")) {
ret->description = xmlNodeListGetString(doc, cur->xmlChildrenNode, 1);
if (ret->description) {
printf("%s\n", ret->description);
}
}
}
if (!ret->pub_date) {
if (!xmlStrcmp(cur->name, (const xmlChar *)"pubDate")) {
ret->pub_date = xmlNodeListGetString(doc, cur->xmlChildrenNode, 1);
printf("%s\n", ret->pub_date);
}
}
if (!ret->last_build_date) {
if (!xmlStrcmp(cur->name, (const xmlChar *)"lastBuildDate")) {
ret->last_build_date = xmlNodeListGetString(doc, cur->xmlChildrenNode, 1);
printf("%s\n", ret->last_build_date);
}
}
if (!ret->channel) {
if (!xmlStrcmp(cur->name, (const xmlChar *)"item")) {
ret->channel = parse_exploit(doc, cur);
}
}
cur = cur->next;
}while(cur);
return ret;
}
static void parse_header(char *filename)
{
xmlDocPtr doc;
xmlNodePtr cur;
doc = xmlParseFile(filename);
if (!doc) {
puts("[!] Deu merda.");
exit(EXIT_FAILURE);
}
cur = xmlDocGetRootElement(doc);
if (!cur) {
fprintf(stderr, "empty element\n");
xmlFreeDoc(doc);
exit(EXIT_FAILURE);
}
if (xmlStrcmp(cur->name, (const xmlChar *)"rss")) {
fprintf(stderr,"[!] rss node not found, but %s\n", cur->name);
xmlFreeDoc(doc);
exit(EXIT_FAILURE);
}
cur = cur->xmlChildrenNode;
while(cur) {
if (!xmlStrcmp(cur->name, (const xmlChar *)"channel")) {
parse_title(doc, cur);
}
cur = cur->next;
}
xmlFreeDoc(doc);
}
int main(int argc, char *argv[])
{
if (argc != 2) {
fprintf(stderr, "[!] Set a XMLfile as arg.\n");
exit(EXIT_FAILURE);
}
parse_header(argv[1]);
return 0;
}
@slayerlab
Copy link
Author

Dropping this as public 2 years later.

It's been so long since this is in "secret" mode, it was used as PoC when I was studying the LibXML.
I will not analyze this code right now, so please compile and run for me. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment