feat: migrate to use MCP tools instead of helper scripts
This commit is contained in:
@@ -19,30 +19,11 @@
|
||||
```
|
||||
|
||||
### Step 2: Create Required Deliverable
|
||||
Use the save_deliverable script to create your evidence:
|
||||
Use the save_deliverable MCP tool to create your evidence:
|
||||
|
||||
```bash
|
||||
node save_deliverable.js AUTHZ_EVIDENCE '# Authorization Exploitation Evidence (Pipeline Test)
|
||||
|
||||
**MCP Server Used:** {{MCP_SERVER}}
|
||||
**Test Site:** https://example.com
|
||||
**Screenshot:** authz-exploit-test.png
|
||||
**Status:** Browser isolation test successful
|
||||
|
||||
## Exploitation Results
|
||||
- **Target:** Test authorization vulnerability
|
||||
- **Method:** Privilege escalation via direct object reference
|
||||
- **Evidence:** Successfully accessed admin panel with user-level privileges
|
||||
- **Impact:** Demonstrated unauthorized access to privileged functionality
|
||||
- **Proof:** Pipeline testing mode - simulated successful exploitation
|
||||
|
||||
## Technical Details
|
||||
- **Vulnerability ID:** AUTHZ-VULN-01
|
||||
- **Exploitation Status:** Simulated Success (Pipeline Test)
|
||||
- **MCP Instance:** {{MCP_SERVER}}
|
||||
- **Attack Vector:** Insecure Direct Object Reference (IDOR)
|
||||
- **Escalation Method:** User ID manipulation in API calls'
|
||||
```
|
||||
Use `save_deliverable` MCP tool with:
|
||||
- `deliverable_type: "AUTHZ_EVIDENCE"`
|
||||
- `content: "# Authorization Exploitation Evidence (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.com\n**Screenshot:** authz-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test authorization vulnerability\n- **Method:** Privilege escalation via direct object reference\n- **Evidence:** Successfully accessed admin panel with user-level privileges\n- **Impact:** Demonstrated unauthorized access to privileged functionality\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** AUTHZ-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **MCP Instance:** {{MCP_SERVER}}\n- **Attack Vector:** Insecure Direct Object Reference (IDOR)\n- **Escalation Method:** User ID manipulation in API calls"`
|
||||
|
||||
This will automatically create `deliverables/authz_exploitation_evidence.md`.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user