updated matchers

http/cves/2024/CVE-2024-8877.yaml

@@ -7,9 +7,9 @@ info:
   description: |
     The three endpoints /cgi-bin/db_datalog_w.cgi, /cgi-bin/db_eventlog_w.cgi, and /cgi-bin/db_multimetr_w.cgi are vulnerable to SQL injection without prior authentication. This enables an attacker to modify the collected log data in an arbitrary way.
   reference:
-    - https://cvefeed.io/vuln/detail/CVE-2024-8877
     - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-riello-netman-204/index.html
     - https://0day.today/exploit/39757
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-8877
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -23,10 +23,10 @@ info:
     max-request: 1
     vendor: riello-ups
     product: netman_204_firmware
-    shodan-query: http.title:"netman"
+    shodan-query: title:"netman 204"
-    fofa-query: title="netman"
+    fofa-query: title="netman 204"
     censys-query: services.http.response.body:"netman204"
-    google-query: intitle:"netman"
+    google-query: intitle:"netman 204"
   tags: cve,cve2024,netman,sqli
 
 http:
@@ -37,6 +37,6 @@ http:
     matchers:
       - type: dsl
         dsl:
-          - 'contains_all(body,"START APPLICATION", "Info", "codeStr", "timedate")'
+          - 'contains_all(body, "START APPLICATION", "category\":", "codeStr\":")'
           - 'status_code == 200'
         condition: and