fix-matcher

http/cves/2021/CVE-2021-24274.yaml

@@ -2,7 +2,7 @@ id: CVE-2021-24274
 
 info:
   name: WordPress Supsystic Ultimate Maps <1.2.5 - Cross-Site Scripting
-  author: dhiyaneshDK
+  author: DhiyaneshDK
   severity: medium
   description: WordPress Supsystic Ultimate Maps plugin before 1.2.5 contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of the tab parameter on the options page before outputting it in an attribute.
   impact: |
@@ -30,6 +30,19 @@ info:
     framework: wordpress
   tags: cve2021,cve,wpscan,packetstorm,wordpress,wp-plugin,maps,supsystic,xss
 
+http:
+  - raw:
+      - |
+        GET / HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - '/wp-content/plugins/ultimate-maps-by-supsystic/modules/maps/css/'
+        condition: and
+
 http:
   - method: GET
     path:
@@ -38,9 +51,9 @@ http:
     matchers-condition: and
     matchers:
       - type: word
+        part: body
         words:
           - '</script><script>alert(document.domain)</script>'
-        condition: and
 
       - type: word
         part: header