From 9814c359aa1c338004eea73b429edfaede61a6b4 Mon Sep 17 00:00:00 2001 From: Hoang Nguyen Dinh Date: Wed, 13 Nov 2024 11:14:01 +0000 Subject: [PATCH] update --- http/cves/2020/CVE-2020-24881.yaml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/http/cves/2020/CVE-2020-24881.yaml b/http/cves/2020/CVE-2020-24881.yaml index af990992923..eacbe2fea64 100644 --- a/http/cves/2020/CVE-2020-24881.yaml +++ b/http/cves/2020/CVE-2020-24881.yaml @@ -15,7 +15,7 @@ http: - | GET /login.php HTTP/1.1 Host: {{Hostname}} - Cookie: OSTSESSID={{SESSIONID}} + Cookie: OSTSESSID=5q1208lqtakb3gqltkd0nuvh7a extractors: - type: regex @@ -31,7 +31,7 @@ http: POST /login.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded - Cookie: OSTSESSID={{SESSIONID}} + Cookie: OSTSESSID=5q1208lqtakb3gqltkd0nuvh7a __CSRFToken__={{csrf_token}}&luser={{username}}&lpasswd={{password}} @@ -39,7 +39,7 @@ http: - | GET /open.php HTTP/1.1 Host: {{Hostname}} - Cookie: OSTSESSID={{SESSIONID}} + Cookie: OSTSESSID=5q1208lqtakb3gqltkd0nuvh7a extractors: - type: regex @@ -62,7 +62,8 @@ http: GET /ajax.php/form/help-topic/{{option_value}} HTTP/1.1 Host: {{Hostname}} X-Requested-With: XMLHttpRequest - Cookie: OSTSESSID={{SESSIONID}} + Referer: http://{{Hostname}}/open.php + Cookie: OSTSESSID=5q1208lqtakb3gqltkd0nuvh7a extractors: - type: regex @@ -78,7 +79,7 @@ http: POST /open.php HTTP/1.1 Host: {{Hostname}} Content-Type: multipart/form-data; boundary=---------------------------266856663522356381601517168829 - Cookie: OSTSESSID={{SESSIONID}} + Cookie: OSTSESSID=5q1208lqtakb3gqltkd0nuvh7a -----------------------------266856663522356381601517168829 Content-Disposition: form-data; name="__CSRFToken__" @@ -124,4 +125,4 @@ http: - | GET /tickets.php?a=print&id={{ticketid}} HTTP/1.1 Host: {{Hostname}} - Cookie: OSTSESSID={{SESSIONID}} + Cookie: OSTSESSID=5q1208lqtakb3gqltkd0nuvh7a