From 1e435d7691599bdac6a9243d25494e4d7a494f22 Mon Sep 17 00:00:00 2001
From: proabiral <22173232+proabiral@users.noreply.github.com>
Date: Thu, 7 Nov 2024 16:27:15 +0545
Subject: [PATCH 1/2] Update CVE-2019-0232.yaml

remove false positive for sites that reflect request parameters
---
 http/cves/2019/CVE-2019-0232.yaml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/http/cves/2019/CVE-2019-0232.yaml b/http/cves/2019/CVE-2019-0232.yaml
index b351f19157..0429985b04 100644
--- a/http/cves/2019/CVE-2019-0232.yaml
+++ b/http/cves/2019/CVE-2019-0232.yaml
@@ -51,6 +51,13 @@ http:
         words:
           - "{{sid}}"
 
+      - type: word
+        negative: true
+        part: body
+        words:
+          - "echo {{sid}}"
+          - "echo+{{sid}}"
+
       - type: word
         part: content_type
         words:
@@ -59,4 +66,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402202f871ff28f38f687dbe3c61173834dbcae004d726e798d4018f0afa313de6bf002206a2b7627cb7f83fcd701389d836b5a07b68911aa84b6e18609bb6a717906a70c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202f871ff28f38f687dbe3c61173834dbcae004d726e798d4018f0afa313de6bf002206a2b7627cb7f83fcd701389d836b5a07b68911aa84b6e18609bb6a717906a70c:922c64590222798bb761d5b6d8e72950

From 9e3fe8520837dafe4183179aa81d052335b82a15 Mon Sep 17 00:00:00 2001
From: proabiral <22173232+proabiral@users.noreply.github.com>
Date: Thu, 7 Nov 2024 16:46:29 +0545
Subject: [PATCH 2/2] Update CVE-2024-7029.yaml

The template currently outputs multiple false positive for sites that reflected request body. This pull request eliminates such False positive.
---
 http/cves/2024/CVE-2024-7029.yaml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/http/cves/2024/CVE-2024-7029.yaml b/http/cves/2024/CVE-2024-7029.yaml
index bb9928de61..800b273186 100644
--- a/http/cves/2024/CVE-2024-7029.yaml
+++ b/http/cves/2024/CVE-2024-7029.yaml
@@ -45,6 +45,13 @@ http:
         words:
           - "{{string}}"
 
+      - type: word
+        negative: true
+        part: body
+        words:
+          - "echo%20{{string}}"
+          - "echo {{string}}"
+
       - type: word
         part: content_type
         words:
@@ -53,4 +60,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221008a2b017609e968f621853ea87a5580cbbd41bee62c3b9f42a2d27c975ee702c8022100fb7f8d863694679bce9aeb944a98764b24ebf9b76c558b0fb040cb8460b63dca:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008a2b017609e968f621853ea87a5580cbbd41bee62c3b9f42a2d27c975ee702c8022100fb7f8d863694679bce9aeb944a98764b24ebf9b76c558b0fb040cb8460b63dca:922c64590222798bb761d5b6d8e72950