From efa660171ed732efffea3ae5785b63404a021517 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Tue, 20 Aug 2024 21:21:01 +0400
Subject: [PATCH] updated matchers
---
 http/cves/2023/CVE-2023-40504.yaml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/http/cves/2023/CVE-2023-40504.yaml b/http/cves/2023/CVE-2023-40504.yaml
index 77133a24d4..81611b7a0c 100644
--- a/http/cves/2023/CVE-2023-40504.yaml
+++ b/http/cves/2023/CVE-2023-40504.yaml
@@ -6,11 +6,11 @@ info:
 description: |
 LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the readVideoInfo method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
 reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2023-40504
 - https://www.zerodayinitiative.com/advisories/ZDI-23-1208/
 - https://packetstormsecurity.com/files/180171/LG-Simple-Editor-3.21.0-Command-Injection.html
 - https://0day.today/exploit/39719
 - https://www.usom.gov.tr/bildirim/tr-24-0417
+ - https://nvd.nist.gov/vuln/detail/CVE-2023-40504
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.8
@@ -20,10 +20,11 @@ info:
 epss-percentile: 0.40471
 metadata:
 max-request: 1
+ verified: true
 vendor: lg
 product: simple_editor
 fofa-query: icon_hash="159985907"
- tags: cve,cve2023,lg,simple-editor,intrusive,packetstorm
+ tags: cve,cve2023,lg,simple-editor,intrusive,rce,file-upload
 variables:
 filename: "{{rand_base(12)}}"
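Review bot: In the `@@ -20,10 +20,11 @@` hunk the new tag list drops `packetstorm` although the packetstormsecurity.com reference is still listed in the first hunk, so anyone selecting templates by that source tag would no longer pick this one up; unless the removal is deliberate, keep it: `tags: cve,cve2023,lg,simple-editor,intrusive,packetstorm,rce,file-upload`. Separately, `max-request: 1` now sits directly above the new `verified: true`, yet the later hunks show at least four separate `matchers:` blocks, so the request count looks stale and is worth regenerating before the template is marked verified. The `info:` block starts and ends outside this hunk, so other metadata may already cover this.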
@@ -40,7 +41,6 @@ http:
 - type: dsl
 dsl:
 - 'contains(body,"LG Simple Editor")'
- - 'contains(content_type,"text/html")'
 - 'status_code == 200'
 condition: and
 internal: true
@@ -76,8 +76,8 @@ http:
 matchers:
 - type: dsl
 dsl:
- - 'contains_all(body,"errorCode","errorMessage","data","fail")'
- - 'contains(content_type,"application/json")'
+ - 'contains_all(body, "errorCode","errorMessage","fail")'
+ - 'contains(content_type, "application/json")'
 - 'status_code == 200'
 condition: and
 internal: true
@@ -94,8 +94,8 @@ http:
 matchers:
 - type: dsl
 dsl:
- - 'contains_all(body,"errorCode","errorMessage","data","success")'
- - 'contains(content_type,"application/json")'
+ - 'contains_all(body, "errorCode","errorMessage","data","success")'
+ - 'contains(content_type, "application/json")'
 - 'status_code == 200'
 condition: and
 internal: true
@@ -108,6 +108,6 @@ http:
 matchers:
 - type: dsl
 dsl:
- - 'contains(content_type,"text/html")'
+ - 'contains(content_type, "text/html")'
 - 'status_code == 200'
 condition: and
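Review bot: In the `@@ -40,7 +41,6 @@` hunk the fingerprint matcher now passes on any 200 response whose body contains "LG Simple Editor", and because it is `internal: true` it appears to gate the later steps of a template tagged `intrusive`. Dropping the `content_type` condition therefore widens the set of hosts that receive those steps; a page that merely mentions the product name would qualify. If the header check was removed because the product omits or varies it, record that above the matcher with a comment such as `# content_type not checked: <reason>`, and consider pairing the body string with a second product-specific marker. The request block this matcher belongs to starts outside the hunk.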
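Review bot: In the `@@ -76,8 +76,8 @@` hunk the rewritten expression is spaced inconsistently: `contains_all(body, "errorCode","errorMessage","fail")` has a space after the first comma only, and the `"success"` line in the `@@ -94,8 +94,8 @@` hunk has the same problem. Write `contains_all(body, "errorCode", "errorMessage", "fail")` and space the `"success"` variant the same way. Removing `"data"` also leaves this step keyed on three short substrings, so a one-line comment above the matcher stating why the `fail` envelope is the expected response here (`# expects the "fail" envelope because <reason>`) would let a reviewer judge the false-positive risk without replaying the flow.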