Update CVE-2022-2544.yaml

cves/2022/CVE-2022-2544.yaml

@@ -3,36 +3,47 @@ info:
   name: Resume Disclosure via Directory Listing
   author: tess
   severity: medium
-  metadata:
-    verified: true
   description: In certain cases, system administrators leave directory listing enabled
     which can sometimes expose sensitive files.
   reference:
     - https://plugins.trac.wordpress.org/changeset/2758420/ninja-job-board/trunk/includes/Classes/File/FileHandler.php?old=2126467&old_path=ninja-job-board%2Ftrunk%2Fincludes%2FClasses%2FFile%2FFileHandler.php
     - https://wpscan.com/vulnerability/a9bcc68c-eeda-4647-8463-e7e136733053
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2544
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-2544
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
     cve-id: CVE-2022-2544
     cwe-id: CWE-425
-  tags: misconfig,cve,cve2022,wordpress
+  metadata:
+    verified: true
+  tags: cve,cve2022,wordpress,wp-plugin,wp
+
 requests:
-  - raw:
-      - |
-        GET {{expose_data}} HTTP/1.1
-        Host: {{Hostname}}
-    payloads:
-      expose_data:
-        - /wp/wp-content/uploads/wpjobboard/
-        - /wp/wp-content/uploads/wpjobboard/application/1025/file/
-        - /wp-content/uploads/wpjobboard/
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp/wp-content/uploads/wpjobboard/"
+      - "{{BaseURL}}/wp-content/uploads/wpjobboard/"
+
     matchers-condition: and
     matchers:
       - type: word
         part: body
         words:
-          - Index of /wp/wp-content/uploads/wpjobboard
-          - Index of /wp-content/uploads/wpjobboard
+          - 'Index of /wp/wp-content/uploads/wpjobboard'
+        condition: and
+
+      - type: word
+        part: body
+        words:
+          - "Index of /wp-content/uploads/wpjobboard"
+        condition: or
+
+      - type: word
+        part: header
+        words:
+          - "text/html"
+
       - type: status
         status:
           - 200