What is a vbd unique challenge?
In some ToE’s there are various codes of vulnerabilities that are the same but with different name, they are unique?
There are two different things: CWE codes and challenges. A single vbd may have several vulnerabilities (say, several types of SQL injection) with the same CWE code. Each of those vulnerabilities represents a challenge (this is what you called “name” in your question). Your solution to any of those challenges will be considered unique if no other solution for the same challenge exists in our repository, be it as a Gherkin feature file or as a link in the OTHERS.lst file of the corresponding challenge.
2 Likes
Thank you for asking this!
We noticed that the uniqueness section was missing. Make sure to take a look at the new added section in the wiki: https://gitlab.com/fluidattacks/writeups/wikis/Submission#4-uniqueness
@elder-lich If this topic is solved, please mark it as such by checking the solution chart at the bottom of the post you consider that properly answers your question.
Based on your answer, how will I know the CWE code? For example, I want to solve the VulnHub x machine and I see that it has 2 vulnerabilities, one of SQL injection and the other of XSS, so I have to put two CWE encodings of those two vulnerabilities and, if so, which is code?
Thank you.