From 767f173f88509d3e15ab61931f11cb1f5cab43e5 Mon Sep 17 00:00:00 2001
From: sandeep <sandeep@projectdiscovery.io>
Date: Sat, 10 Jul 2021 18:45:09 +0530
Subject: [PATCH] minor updates

---
 cves/2021/CVE-2021-28149.yaml | 2 +-
 cves/2021/CVE-2021-28150.yaml | 6 +++---
 cves/2021/CVE-2021-28151.yaml | 5 +++--
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/cves/2021/CVE-2021-28149.yaml b/cves/2021/CVE-2021-28149.yaml
index 64a5b8369d..fe6e840041 100644
--- a/cves/2021/CVE-2021-28149.yaml
+++ b/cves/2021/CVE-2021-28149.yaml
@@ -7,7 +7,7 @@ info:
   description: |
       Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.
   reference: |
-    - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/ 
+    - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/
     - https://nvd.nist.gov/vuln/detail/CVE-2021-28149
   tags: cve,cve2021,hongdian,traversal
 
diff --git a/cves/2021/CVE-2021-28150.yaml b/cves/2021/CVE-2021-28150.yaml
index 0a2270e06d..245924ef14 100644
--- a/cves/2021/CVE-2021-28150.yaml
+++ b/cves/2021/CVE-2021-28150.yaml
@@ -7,7 +7,7 @@ info:
   description: |
     Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi.
   reference: |
-    - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/ 
+    - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/
     - https://nvd.nist.gov/vuln/detail/CVE-2021-28150
   tags: cve,cve2021,hongdian,exposures
 
@@ -51,5 +51,5 @@ requests:
       - type: word
         words:
           - "CLI configuration saved from vty"
-          - "service webadmin"  
-        part: body
+          - "service webadmin"
+        part: body
\ No newline at end of file
diff --git a/cves/2021/CVE-2021-28151.yaml b/cves/2021/CVE-2021-28151.yaml
index 9fad917567..82529e9e51 100644
--- a/cves/2021/CVE-2021-28151.yaml
+++ b/cves/2021/CVE-2021-28151.yaml
@@ -7,7 +7,7 @@ info:
   description: |
     Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest.
   reference: |
-    - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/ 
+    - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/
     - https://nvd.nist.gov/vuln/detail/CVE-2021-28151
   tags: cve,cve2021,hongdian,rce
 
@@ -63,5 +63,6 @@ requests:
       - type: word
         words:
           - "uid="
-          - "gid="  
+          - "gid="
         part: body
+        condition: and