I recently had the idea to develop a public database in which unique cross-site scripting (XSS) vectors will be registered and get a reference assigned similar to the CVE system.
I made a local PoC already and registered a suitable domain to use for this purpose. I was thinking about assigning stuff like: Does this vector require other dependencies to work? For example an ID in the URL like #xss triggering an element with the HTML ID xss. Or the need to have a specific setting enabled or disabled in order for it to work. And, is this vector a known bypass of the browsers X-XSS-Protection.
But most important, I see lot of hackers testing the same XSS over and over again to check in which browsers it works and to report properly about it.
Indexed vectors allowing researchers to perform advance searches.
For example:
- Give me an XSS-vector with a max string length of 15
- Only using a-z0-9.=
- Working in the newest version of Chrome and Firefox
- Without dependencies
I would like to give users the ability to add XSS vectors and to submit test information. Also I was thinking about some kind of de-duplication technique in order to prevent duplicate XSS vectors that are obviously the same type but using another string.
The nice part is that it will be an open documentation for XSS vectors. Including the credits the the original finder/fuzzer (if known). Also people can start to use references like XSS-2016-16321 in there reports similar to CVE's.
Now I have two questions before I put serious effort in this concept.
- Is there already a similar open website, service or database doing so?
- What does the IT security community (you) think about such database?
Ultimately the full list of XSS vectors should be downloadable in various formats in order for security scanners to add it to vulnerability scanners.
