From e58daee3fc388a9d0d771c9d035e637c74895e00 Mon Sep 17 00:00:00 2001 
From: sns Date: Wed, 1 Aug 2018 19:18:12 +0530 Subject: [PATCH] Added 2017 vulnerabilities to index --- config/vulns.js | 20 +++--- core/appHandler.js | 14 +++-- routes/app.js | 4 +- routes/main.js | 6 +- views/app/bulkproducts.ejs | 61 +++++++------------ views/common/menu.ejs | 32 ---------- views/learn.ejs | 21 +++---- .../a10_logging/description.ejs | 3 + .../vulnerabilities/a10_logging/reference.ejs | 3 + .../vulnerabilities/a10_logging/scenario.ejs | 4 ++ .../description.ejs | 0 .../reference.ejs | 0 .../scenario.ejs | 0 views/vulnerabilities/a4_idor/description.ejs | 3 - views/vulnerabilities/a4_idor/reference.ejs | 3 - views/vulnerabilities/a4_idor/scenario.ejs | 4 -- views/vulnerabilities/a4_xxe/description.ejs | 3 + views/vulnerabilities/a4_xxe/reference.ejs | 3 + views/vulnerabilities/a4_xxe/scenario.ejs | 3 + .../description.ejs | 0 .../reference.ejs | 0 .../scenario.ejs | 2 +- .../description.ejs | 0 .../reference.ejs | 0 .../scenario.ejs | 0 .../{a3_xss => a7_xss}/description.ejs | 0 .../{a3_xss => a7_xss}/reference.ejs | 0 .../{a3_xss => a7_xss}/scenario.ejs | 0 views/vulnerabilities/a8_ides/description.ejs | 3 + views/vulnerabilities/a8_ides/reference.ejs | 3 + views/vulnerabilities/a8_ides/scenario.ejs | 4 ++ .../{a8_csrf => ax_csrf}/description.ejs | 0 .../{a8_csrf => ax_csrf}/reference.ejs | 0 .../{a8_csrf => ax_csrf}/scenario.ejs | 0 .../description.ejs | 0 .../reference.ejs | 0 .../scenario.ejs | 0 views/vulnerabilities/layout.ejs | 8 ++- 38 files changed, 97 insertions(+), 110 deletions(-) delete mode 100644 views/common/menu.ejs create mode 100644 views/vulnerabilities/a10_logging/description.ejs create mode 100644 views/vulnerabilities/a10_logging/reference.ejs create mode 100644 views/vulnerabilities/a10_logging/scenario.ejs rename views/vulnerabilities/{a6_sensitive_data => a3_sensitive_data}/description.ejs (100%) rename views/vulnerabilities/{a6_sensitive_data => a3_sensitive_data}/reference.ejs (100%) rename 
views/vulnerabilities/{a6_sensitive_data => a3_sensitive_data}/scenario.ejs (100%) delete mode 100644 views/vulnerabilities/a4_idor/description.ejs delete mode 100644 views/vulnerabilities/a4_idor/reference.ejs delete mode 100644 views/vulnerabilities/a4_idor/scenario.ejs create mode 100644 views/vulnerabilities/a4_xxe/description.ejs create mode 100644 views/vulnerabilities/a4_xxe/reference.ejs create mode 100644 views/vulnerabilities/a4_xxe/scenario.ejs rename views/vulnerabilities/{a7_missing_access_control => a5_broken_access_control}/description.ejs (100%) rename views/vulnerabilities/{a7_missing_access_control => a5_broken_access_control}/reference.ejs (100%) rename views/vulnerabilities/{a7_missing_access_control => a5_broken_access_control}/scenario.ejs (69%) rename views/vulnerabilities/{a5_sec_misconf => a6_sec_misconf}/description.ejs (100%) rename views/vulnerabilities/{a5_sec_misconf => a6_sec_misconf}/reference.ejs (100%) rename views/vulnerabilities/{a5_sec_misconf => a6_sec_misconf}/scenario.ejs (100%) rename views/vulnerabilities/{a3_xss => a7_xss}/description.ejs (100%) rename views/vulnerabilities/{a3_xss => a7_xss}/reference.ejs (100%) rename views/vulnerabilities/{a3_xss => a7_xss}/scenario.ejs (100%) create mode 100644 views/vulnerabilities/a8_ides/description.ejs create mode 100644 views/vulnerabilities/a8_ides/reference.ejs create mode 100644 views/vulnerabilities/a8_ides/scenario.ejs rename views/vulnerabilities/{a8_csrf => ax_csrf}/description.ejs (100%) rename views/vulnerabilities/{a8_csrf => ax_csrf}/reference.ejs (100%) rename views/vulnerabilities/{a8_csrf => ax_csrf}/scenario.ejs (100%) rename views/vulnerabilities/{a10_redirect => ax_redirect}/description.ejs (100%) rename views/vulnerabilities/{a10_redirect => ax_redirect}/reference.ejs (100%) rename views/vulnerabilities/{a10_redirect => ax_redirect}/scenario.ejs (100%) diff --git a/config/vulns.js b/config/vulns.js index 97a1dc14..0832611a 100644 --- a/config/vulns.js 
+++ b/config/vulns.js @@ -1,12 +1,14 @@ module.exports = { 'a1_injection': 'A1: Injection', - 'a2_broken_auth': 'A2: Broken Authentication and Session Management', - 'a3_xss': 'A3: Cross-site Scripting', - 'a4_idor': 'A4: Insecure Direct Object Reference', - 'a5_sec_misconf': 'A5: Security Misconfiguration', - 'a6_sensitive_data': 'A6: Sensitive Data Exposure', - 'a7_missing_access_control': 'A7: Missing Function Level Access Control', - 'a8_csrf': 'A8: Cross-site Request Forgery', - 'a9_vuln_component': 'A9: Using Components with Known Vulnerability', - 'a10_redirect': 'A10: Unvalidated Redirects and Forwards' + 'a2_broken_auth': 'A2: Broken Authentication', + 'a3_sensitive_data': 'A3: Sensitive Data Exposure', + 'a4_xxe': 'A4: XML External Entities', + 'a5_broken_access_control': 'A5: Broken Access Control', + 'a6_sec_misconf': 'A6: Security Misconfiguration', + 'a7_xss': 'A7: Cross-site Scripting', + 'a8_ides': 'A8: Insecure Deserialization', + 'a9_vuln_component': 'A9: Using Components with Known Vulnerabilities', + 'a10_logging': 'A10: Insufficient Logging and Monitoring', + 'ax_csrf': 'A8:2013 Cross-site Request Forgery', + 'ax_redirect': 'A10:2013 Unvalidated Redirects and Forwards' } \ No newline at end of file diff --git a/core/appHandler.js b/core/appHandler.js index c94415f1..85c5ea48 100644 --- a/core/appHandler.js +++ b/core/appHandler.js @@ -212,9 +212,9 @@ module.exports.listUsersAPI = function (req, res) { }) } -module.exports.bulkProducts = function(req, res) { +module.exports.bulkProductsLegacy = function (req,res){ // TODO: Deprecate this soon - if (req.query.legacy && req.files.products){ + if(req.files.products){ var products = serialize.unserialize(req.files.products.data.toString('utf8')) console.log(products) products.forEach( function (product) { 
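Review bot: `if(req.files.products){` in the new bulkProductsLegacy dereferences `req.files` unconditionally; if the upload middleware leaves `req.files` undefined on a form submitted without a file (express-fileupload does), the guard itself throws a TypeError instead of reaching the 'Invalid file' branch, so it should read `if (req.files && req.files.products) {` — the same guard is repeated in the new bulkProducts in the next hunk (@@ -223). The retained `// TODO: Deprecate this soon` now misdescribes this handler, which the added a8_ides scenario links as the deliberate Insecure Deserialization exercise; a comment such as `// Intentionally vulnerable: node-serialize unserialize() on uploaded data (OWASP A8:2017 lab) — do not "fix" without updating the a8_ides scenario` would stop a later cleanup from silently removing the exercise. `console.log(products)` also writes the entire deserialized upload to the server log on every request. The function's body continues past the hunk.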
@@ -223,12 +223,16 @@ module.exports.bulkProducts = function(req, res) { newProduct.code = product.code newProduct.tags = product.tags newProduct.description = product.description - newProduct.save() }) res.redirect('/app/products') + }else{ + res.render('app/bulkproducts',{messages:{danger:'Invalid file'},legacy:true}) } - else if (req.files.products && req.files.products.mimetype=='text/xml'){ +} + +module.exports.bulkProducts = function(req, res) { + if (req.files.products && req.files.products.mimetype=='text/xml'){ var products = libxmljs.parseXmlString(req.files.products.data.toString('utf8'), {noent:true,noblanks:true}) products.root().childNodes().forEach( product => { var newProduct = new db.Product() @@ -240,6 +244,6 @@ module.exports.bulkProducts = function(req, res) { }) res.redirect('/app/products') }else{ - res.render('app/bulkproducts',{messages:{danger:'Invalid file'}}) + res.render('app/bulkproducts',{messages:{danger:'Invalid file'},legacy:false}) } } diff --git a/routes/app.js b/routes/app.js index 6da293ec..77832f9e 100644 --- a/routes/app.js +++ b/routes/app.js @@ -20,7 +20,7 @@ module.exports = function () { }) router.get('/bulkproducts', authHandler.isAuthenticated, function (req, res) { - res.render('app/bulkproducts') + res.render('app/bulkproducts',{legacy:req.query.legacy}) }) router.get('/products', authHandler.isAuthenticated, appHandler.listProducts) @@ -61,5 +61,7 @@ module.exports = function () { router.post('/bulkproducts',authHandler.isAuthenticated, appHandler.bulkProducts); + router.post('/bulkproductslegacy',authHandler.isAuthenticated, appHandler.bulkProductsLegacy); + return router } diff --git a/routes/main.js b/routes/main.js index 8813235f..b56db404 100644 --- a/routes/main.js +++ b/routes/main.js 
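Review bot: The removed line `newProduct.save()` is not re-added anywhere in the visible part of the new bulkProductsLegacy body, so the legacy path constructs each `db.Product`, then `res.redirect('/app/products')` without persisting anything; unless that line survives outside the hunk, the forEach callback should end with `newProduct.save()` as the XML path presumably does in the lines between this hunk and @@ -240. In the new bulkProducts, `libxmljs.parseXmlString(...)` throws on malformed input and nothing catches it, so a bad file yields an unhandled exception rather than the 'Invalid file' message; wrap the parse and the `products.root().childNodes()` walk in try/catch and render the same message on failure. The `mimetype=='text/xml'` check trusts the client-supplied content type, which is acceptable for a lab but deserves a comment saying so. The `{noent:true,noblanks:true}` option is the deliberate A4:2017 XXE demonstration per the added scenario file; mark it with `// Intentionally vulnerable: noent expands external entities (OWASP A4:2017 XXE lab)` so the intent is explicit in the code, not only in the view.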
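Review bot: `res.render('app/bulkproducts',{legacy:req.query.legacy})` hands the raw query-string value to the view, where `<% if (!legacy) { %>` treats any non-empty string — including `legacy=false` or `legacy=0` — as legacy mode, while both POST branches in core/appHandler.js pass real booleans (`legacy:true` / `legacy:false`); normalise once in the route, e.g. `res.render('app/bulkproducts',{legacy:req.query.legacy === '1'})` or `Boolean(req.query.legacy)`, so GET and POST renders agree. The route handler in the @@ -20 hunk is a complete arrow body, but the enclosing `module.exports = function ()` starts before it.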
@@ -17,9 +17,11 @@ module.exports = function (passport) { vuln_title: vulnDict[req.params.vuln], vuln_scenario: req.params.vuln + '/scenario', vuln_description: req.params.vuln + '/description', - vuln_reference: req.params.vuln + '/reference' + vuln_reference: req.params.vuln + '/reference', + vulnerabilities:vulnDict }, function (err, html) { if (err) { + console.log(err) res.status(404).send('404') } else { res.send(html) @@ -28,7 +30,7 @@ module.exports = function (passport) { }) router.get('/learn', authHandler.isAuthenticated, function (req, res) { - res.render('learn') + res.render('learn',{vulnerabilities:vulnDict}) }) router.get('/register', authHandler.isNotAuthenticated, function (req, res) { diff --git a/views/app/bulkproducts.ejs b/views/app/bulkproducts.ejs index e1029044..131e94c7 100644 --- a/views/app/bulkproducts.ejs +++ b/views/app/bulkproducts.ejs @@ -23,10 +23,10 @@
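Review bot: `vuln_title: vulnDict[req.params.vuln]` looks the route parameter up on a plain object without an own-property check, so names inherited from Object.prototype (for example `constructor`) resolve to a function rather than to undefined, and the same unchecked name is concatenated into `vuln_scenario` / `vuln_description` / `vuln_reference` include paths; since vulnDict is now the authoritative list passed to the view, reject anything not in it before rendering with `if (!Object.prototype.hasOwnProperty.call(vulnDict, req.params.vuln)) return res.status(404).send('404')`. The added `console.log(err)` dumps the full render error, including resolved view paths, to stdout; route it through whatever logger the app uses, or at least log only `err.message`. The enclosing route handler starts before the hunk.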

Upload products

-
+
- + accept=".xml" <% } %>>
@@ -35,44 +35,29 @@

+ + <% if (!legacy) { %>

Sample XML

- - <products> - <product> - <name>Xbox One</name> - <code>23</code> - <tags>gaming console</tags> - <description>Gaming console by Microsoft</description> - </product> - <product> - <name>Playstation 4</name> - <code>26</code> - <tags>gaming console</tags> - <description>Gaming console by Sony</description> - </product> - </products> - - - <products> - <product> - <name>Xbox One</name> - <code>23</code> - <tags>gaming console</tags> - <description>Gaming console by Microsoft</description> - </product> - <product> - <name>Playstation 4</name> - <code>26</code> - <tags>gaming console</tags> - <description>Gaming console by Sony</description> - </product> - </products> - - +

+<products>
+    <product>
+        <name>Xbox One</name>
+        <code>23</code>
+        <tags>gaming console</tags>
+        <description>Gaming console by Microsoft</description>
+    </product>
+    <product>
+        <name>Playstation 4</name>
+        <code>26</code>
+        <tags>gaming console</tags>
+        <description>Gaming console by Sony</description>
+    </product>
+</products>
+
+ <% } else { %> +
[{"name":"Xbox 360","code":"15","tags":"gaming console","description":"Microsoft's flagship gaming console"},{"name":"Playstation 3","code":"17","tags":"gaming console","description":"Sony's flagshipgaming console"}]
+ <%} %>
- - -
<% include ../common/footer %> diff --git a/views/common/menu.ejs b/views/common/menu.ejs deleted file mode 100644 index 49ef4bec..00000000 --- a/views/common/menu.ejs +++ /dev/null @@ -1,32 +0,0 @@ -
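Review bot: `<% if (!legacy) { %>` reads `legacy` as a bare identifier, so any render of this view that omits the local (the GET route and both POST branches currently pass it, but a future caller may not) fails with a ReferenceError instead of falling back to the XML form; `<% if (!locals.legacy) { %>` degrades gracefully, and the conditional `accept=".xml"` attribute in the @@ -23 hunk should use the same `locals.legacy` form if it tests the bare name (that line is partly lost in this rendering). The sample JSON shown in the legacy branch is plain data, which is fine, but a one-line caption saying the legacy endpoint parses it with node-serialize would tell learners why the a8_ides scenario links here.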
- - A1: Injection - - - A2: Broken Authentication and Session Management - - - A3: Cross-site Scripting (XSS) - - - A4: Insecure Direct Object Reference (IDOR) - - - A5: Security Misconfiguration - - - A6: Sensitive Data Exposure - - - A7: Missing Function Level Access Control - - - A8: Cross-site Request Forgery (CSRF) - - - A9: Using Components with Known Vulnerability - - - A10: Unvalidated Redirects and Forwards - -
\ No newline at end of file diff --git a/views/learn.ejs b/views/learn.ejs index c55cf216..9b25d324 100644 --- a/views/learn.ejs +++ b/views/learn.ejs @@ -9,7 +9,13 @@
- <% include common/menu %> +
+ <% for (var vulnKey in vulnerabilities) { %> + + <%=vulnerabilities[vulnKey]%> + + <% } %> +
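Review bot: The menu loop `<% for (var vulnKey in vulnerabilities) { %> … <%=vulnerabilities[vulnKey]%> … <% } %>` is now pasted verbatim into both views/learn.ejs and views/vulnerabilities/layout.ejs after deleting the shared views/common/menu.ejs; keeping it as a partial (the old-style `<% include common/menu %>` shares the parent's locals, so the partial can read `vulnerabilities` directly) would stop the two copies drifting apart. `for...in` also walks enumerable inherited properties; since `vulnerabilities` is the plain object literal from config/vulns.js this is harmless today, but `<% Object.keys(vulnerabilities).forEach(function (vulnKey) { %>` makes the intent explicit. The escaped `<%= %>` output for the title is the right choice and should be kept if the loop is moved.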
diff --git a/views/vulnerabilities/a10_logging/description.ejs b/views/vulnerabilities/a10_logging/description.ejs new file mode 100644 index 00000000..e92afd87 --- /dev/null +++ b/views/vulnerabilities/a10_logging/description.ejs @@ -0,0 +1,3 @@ +
+Insufficient logging and monitoring, coupled with missing or ineffective integration with incident response, allows attackers to further attack systems, maintain persistence, pivot to more systems, and tamper, extract, or destroy data. +
\ No newline at end of file diff --git a/views/vulnerabilities/a10_logging/reference.ejs b/views/vulnerabilities/a10_logging/reference.ejs new file mode 100644 index 00000000..160340dd --- /dev/null +++ b/views/vulnerabilities/a10_logging/reference.ejs @@ -0,0 +1,3 @@ +
+* [https://www.owasp.org/index.php/Top_10-2017_A10-Insufficient_Logging%26Monitoring](https://www.owasp.org/index.php/Top_10-2017_A10-Insufficient_Logging%26Monitoring) +
\ No newline at end of file diff --git a/views/vulnerabilities/a10_logging/scenario.ejs b/views/vulnerabilities/a10_logging/scenario.ejs new file mode 100644 index 00000000..87d4f29d --- /dev/null +++ b/views/vulnerabilities/a10_logging/scenario.ejs @@ -0,0 +1,4 @@ +
+* No Scenario for this vulnerability +
+ diff --git a/views/vulnerabilities/a6_sensitive_data/description.ejs b/views/vulnerabilities/a3_sensitive_data/description.ejs similarity index 100% rename from views/vulnerabilities/a6_sensitive_data/description.ejs rename to views/vulnerabilities/a3_sensitive_data/description.ejs diff --git a/views/vulnerabilities/a6_sensitive_data/reference.ejs b/views/vulnerabilities/a3_sensitive_data/reference.ejs similarity index 100% rename from views/vulnerabilities/a6_sensitive_data/reference.ejs rename to views/vulnerabilities/a3_sensitive_data/reference.ejs diff --git a/views/vulnerabilities/a6_sensitive_data/scenario.ejs b/views/vulnerabilities/a3_sensitive_data/scenario.ejs similarity index 100% rename from views/vulnerabilities/a6_sensitive_data/scenario.ejs rename to views/vulnerabilities/a3_sensitive_data/scenario.ejs diff --git a/views/vulnerabilities/a4_idor/description.ejs b/views/vulnerabilities/a4_idor/description.ejs deleted file mode 100644 index 752651ea..00000000 --- a/views/vulnerabilities/a4_idor/description.ejs +++ /dev/null @@ -1,3 +0,0 @@ -
-A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, database record, or key, as a URL or form parameter. An attacker can manipulate direct object references to access other objects without authorization, unless an access control check is in place. -
diff --git a/views/vulnerabilities/a4_idor/reference.ejs b/views/vulnerabilities/a4_idor/reference.ejs deleted file mode 100644 index c25c80a4..00000000 --- a/views/vulnerabilities/a4_idor/reference.ejs +++ /dev/null @@ -1,3 +0,0 @@ -
-* [https://www.owasp.org/index.php/Top\_10_2013-A4-Insecure\_Direct\_Object\_References](https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References) -
\ No newline at end of file diff --git a/views/vulnerabilities/a4_idor/scenario.ejs b/views/vulnerabilities/a4_idor/scenario.ejs deleted file mode 100644 index b567c15a..00000000 --- a/views/vulnerabilities/a4_idor/scenario.ejs +++ /dev/null @@ -1,4 +0,0 @@ -
-* [IDOR: Edit User](/app/useredit) -
- diff --git a/views/vulnerabilities/a4_xxe/description.ejs b/views/vulnerabilities/a4_xxe/description.ejs new file mode 100644 index 00000000..5c91a212 --- /dev/null +++ b/views/vulnerabilities/a4_xxe/description.ejs @@ -0,0 +1,3 @@ +
+Many older or poorly configured XML processors evaluate external entity references within XML documents. External entities can be used to disclose internal files using the file URI handler, internal file shares, internal port scanning, remote code execution, and denial of service attacks. +
\ No newline at end of file diff --git a/views/vulnerabilities/a4_xxe/reference.ejs b/views/vulnerabilities/a4_xxe/reference.ejs new file mode 100644 index 00000000..99b37e64 --- /dev/null +++ b/views/vulnerabilities/a4_xxe/reference.ejs @@ -0,0 +1,3 @@ +
+* [https://www.owasp.org/index.php/Top_10-2017_A4-XML_External_Entities_(XXE)](https://www.owasp.org/index.php/Top_10-2017_A4-XML_External_Entities_(XXE)) +
\ No newline at end of file diff --git a/views/vulnerabilities/a4_xxe/scenario.ejs b/views/vulnerabilities/a4_xxe/scenario.ejs new file mode 100644 index 00000000..3d988a10 --- /dev/null +++ b/views/vulnerabilities/a4_xxe/scenario.ejs @@ -0,0 +1,3 @@ +
+* [XXE: Import Products](/app/bulkproducts) +
\ No newline at end of file diff --git a/views/vulnerabilities/a7_missing_access_control/description.ejs b/views/vulnerabilities/a5_broken_access_control/description.ejs similarity index 100% rename from views/vulnerabilities/a7_missing_access_control/description.ejs rename to views/vulnerabilities/a5_broken_access_control/description.ejs diff --git a/views/vulnerabilities/a7_missing_access_control/reference.ejs b/views/vulnerabilities/a5_broken_access_control/reference.ejs similarity index 100% rename from views/vulnerabilities/a7_missing_access_control/reference.ejs rename to views/vulnerabilities/a5_broken_access_control/reference.ejs diff --git a/views/vulnerabilities/a7_missing_access_control/scenario.ejs b/views/vulnerabilities/a5_broken_access_control/scenario.ejs similarity index 69% rename from views/vulnerabilities/a7_missing_access_control/scenario.ejs rename to views/vulnerabilities/a5_broken_access_control/scenario.ejs index 2c8934f1..7c9ea16d 100644 --- a/views/vulnerabilities/a7_missing_access_control/scenario.ejs +++ b/views/vulnerabilities/a5_broken_access_control/scenario.ejs @@ -1,5 +1,5 @@
* [Admin API Dashbaord](/app/admin) - +* [Edit User](/app/useredit)
diff --git a/views/vulnerabilities/a5_sec_misconf/description.ejs b/views/vulnerabilities/a6_sec_misconf/description.ejs similarity index 100% rename from views/vulnerabilities/a5_sec_misconf/description.ejs rename to views/vulnerabilities/a6_sec_misconf/description.ejs diff --git a/views/vulnerabilities/a5_sec_misconf/reference.ejs b/views/vulnerabilities/a6_sec_misconf/reference.ejs similarity index 100% rename from views/vulnerabilities/a5_sec_misconf/reference.ejs rename to views/vulnerabilities/a6_sec_misconf/reference.ejs diff --git a/views/vulnerabilities/a5_sec_misconf/scenario.ejs b/views/vulnerabilities/a6_sec_misconf/scenario.ejs similarity index 100% rename from views/vulnerabilities/a5_sec_misconf/scenario.ejs rename to views/vulnerabilities/a6_sec_misconf/scenario.ejs diff --git a/views/vulnerabilities/a3_xss/description.ejs b/views/vulnerabilities/a7_xss/description.ejs similarity index 100% rename from views/vulnerabilities/a3_xss/description.ejs rename to views/vulnerabilities/a7_xss/description.ejs diff --git a/views/vulnerabilities/a3_xss/reference.ejs b/views/vulnerabilities/a7_xss/reference.ejs similarity index 100% rename from views/vulnerabilities/a3_xss/reference.ejs rename to views/vulnerabilities/a7_xss/reference.ejs diff --git a/views/vulnerabilities/a3_xss/scenario.ejs b/views/vulnerabilities/a7_xss/scenario.ejs similarity index 100% rename from views/vulnerabilities/a3_xss/scenario.ejs rename to views/vulnerabilities/a7_xss/scenario.ejs diff --git a/views/vulnerabilities/a8_ides/description.ejs b/views/vulnerabilities/a8_ides/description.ejs new file mode 100644 index 00000000..c5c97630 --- /dev/null +++ b/views/vulnerabilities/a8_ides/description.ejs @@ -0,0 +1,3 @@ +
+Insecure deserialization often leads to remote code execution. Even if deserialization flaws do not result in remote code execution, they can be used to perform attacks, including replay attacks, injection attacks, and privilege escalation attacks. +
\ No newline at end of file diff --git a/views/vulnerabilities/a8_ides/reference.ejs b/views/vulnerabilities/a8_ides/reference.ejs new file mode 100644 index 00000000..f477a0ba --- /dev/null +++ b/views/vulnerabilities/a8_ides/reference.ejs @@ -0,0 +1,3 @@ +
+* [https://www.owasp.org/index.php/Top_10-2017_A8-Insecure_Deserialization](https://www.owasp.org/index.php/Top_10-2017_A8-Insecure_Deserialization) +
\ No newline at end of file diff --git a/views/vulnerabilities/a8_ides/scenario.ejs b/views/vulnerabilities/a8_ides/scenario.ejs new file mode 100644 index 00000000..49c91ebe --- /dev/null +++ b/views/vulnerabilities/a8_ides/scenario.ejs @@ -0,0 +1,4 @@ +
+* [Insecure Deserialization: Legacy Import Products](/app/bulkproductslegacy) +
+ diff --git a/views/vulnerabilities/a8_csrf/description.ejs b/views/vulnerabilities/ax_csrf/description.ejs similarity index 100% rename from views/vulnerabilities/a8_csrf/description.ejs rename to views/vulnerabilities/ax_csrf/description.ejs diff --git a/views/vulnerabilities/a8_csrf/reference.ejs b/views/vulnerabilities/ax_csrf/reference.ejs similarity index 100% rename from views/vulnerabilities/a8_csrf/reference.ejs rename to views/vulnerabilities/ax_csrf/reference.ejs diff --git a/views/vulnerabilities/a8_csrf/scenario.ejs b/views/vulnerabilities/ax_csrf/scenario.ejs similarity index 100% rename from views/vulnerabilities/a8_csrf/scenario.ejs rename to views/vulnerabilities/ax_csrf/scenario.ejs diff --git a/views/vulnerabilities/a10_redirect/description.ejs b/views/vulnerabilities/ax_redirect/description.ejs similarity index 100% rename from views/vulnerabilities/a10_redirect/description.ejs rename to views/vulnerabilities/ax_redirect/description.ejs diff --git a/views/vulnerabilities/a10_redirect/reference.ejs b/views/vulnerabilities/ax_redirect/reference.ejs similarity index 100% rename from views/vulnerabilities/a10_redirect/reference.ejs rename to views/vulnerabilities/ax_redirect/reference.ejs diff --git a/views/vulnerabilities/a10_redirect/scenario.ejs b/views/vulnerabilities/ax_redirect/scenario.ejs similarity index 100% rename from views/vulnerabilities/a10_redirect/scenario.ejs rename to views/vulnerabilities/ax_redirect/scenario.ejs diff --git a/views/vulnerabilities/layout.ejs b/views/vulnerabilities/layout.ejs index ff559d22..b4ef7dbf 100644 --- a/views/vulnerabilities/layout.ejs +++ b/views/vulnerabilities/layout.ejs @@ -9,7 +9,13 @@
- <% include ../common/menu %> +
+ <% for (var vulnKey in vulnerabilities) { %> + + <%=vulnerabilities[vulnKey]%> + + <% } %> +

<%=vuln_title%>