From 327cf651c51509f9663f6858379305c7ee341a0e Mon Sep 17 00:00:00 2001
From: Ryan Borum <37112354+ryanborum@users.noreply.github.com>
Date: Wed, 24 Jan 2024 07:36:09 -0500
Subject: [PATCH] Update CVE-2024-0204.yaml

Updated and added Shodan facets
---
 http/cves/2024/CVE-2024-0204.yaml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/http/cves/2024/CVE-2024-0204.yaml b/http/cves/2024/CVE-2024-0204.yaml
index beeaead6f6..203fd819a7 100644
--- a/http/cves/2024/CVE-2024-0204.yaml
+++ b/http/cves/2024/CVE-2024-0204.yaml
@@ -2,7 +2,9 @@ id: CVE-2024-0204
 
 info:
   name: Fortra GoAnywhere MFT - Authentication Bypass
-  author: DhiyaneshDK
+  author:
+   - DhiyaneshDK
+   - GraysonsMortalEnemy
   severity: critical
   description: |
     Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
@@ -19,7 +21,9 @@ info:
   metadata:
     verified: true
     max-request: 1
-    shodan-query: http.favicon.hash:1484947000
+    shodan-query: 
+     - http.favicon.hash:1484947000,1828756398,1170495932
+     - html:InvalidBrowser.xhtml
   tags: cve,cve2024,auth-bypass,goanywhere
 
 http:
@@ -39,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502200c0737654cbbb14c8e7da4470731e92dace06ddccf481af6ed760cb99c5d75e5022100be491a724570489903e091ba728fa5d7fee4ef4cefd643d1c89ca314edd55f32:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200c0737654cbbb14c8e7da4470731e92dace06ddccf481af6ed760cb99c5d75e5022100be491a724570489903e091ba728fa5d7fee4ef4cefd643d1c89ca314edd55f32:922c64590222798bb761d5b6d8e72950