Merge pull request #7019 from j4vaovo/patch-9

Fix CNVD-2017-03561.yaml

cnvd/2017/CNVD-2017-03561.yaml

@@ -1,23 +1,25 @@
 id: CNVD-2017-03561
 
 info:
-  name: Panwei eMobile - OGNL Injection
+  name: Fanwei eMobile - OGNL Injection
   author: ritikchaddha
   severity: high
-  description: Panwei eMobile contains an object graph navigation library vulnerability. An attacker can inject arbitrary JavaScript, thus possibly obtaining sensitive information from a database, modifying data, and executing unauthorized administrative operations in the context of the affected site.
+  description: |
+    Fanwei eMobile contains an object graph navigation library vulnerability. An attacker can inject arbitrary JavaScript, thus possibly obtaining sensitive information from a database, modifying data, and executing unauthorized administrative operations in the context of the affected site.
   reference:
     - https://gitee.com/cute-guy/Penetration_Testing_POC/blob/master/%E6%B3%9B%E5%BE%AEe-mobile%20ognl%E6%B3%A8%E5%85%A5.md
     - https://reconshell.com/vulnerability-research-list/
   metadata:
     verified: true
     fofa-query: app="泛微-eMobile"
-  tags: cnvd,cnvd2017,emobile,ognl,panwei
+  tags: cnvd,cnvd2017,emobile,ognl,fanwei
 
 variables:
-  num1: "9999"
-  num2: "5555"
+  num1: "{{rand_int(800000, 999999)}}"
+  num2: "{{rand_int(800000, 999999)}}"
+  result: "{{to_number(num1)*to_number(num2)}}"
 
-requests:
+http:
   - method: GET
     path:
       - "{{BaseURL}}/login.do?message={{num1}}*{{num2}}"
@@ -29,7 +31,7 @@ requests:
       - type: word
         part: body
         words:
-          - '55544445'
+          - "{{result}}"
 
       - type: status
         status: