From cbafd0676480ae151bdc2076a683ecfa7fd769cb Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Tue, 10 Sep 2024 14:04:21 +0400
Subject: [PATCH] updated matcher to regex

---
 http/cves/2024/CVE-2024-8517.yaml | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/http/cves/2024/CVE-2024-8517.yaml b/http/cves/2024/CVE-2024-8517.yaml
index d657339d33..86daedd76f 100644
--- a/http/cves/2024/CVE-2024-8517.yaml
+++ b/http/cves/2024/CVE-2024-8517.yaml
@@ -1,7 +1,7 @@
 id: CVE-2024-8517
 
 info:
-  name: SPIP BigUp Plugin - Unauthenticated Remote Code Execution
+  name: SPIP BigUp Plugin - Remote Code Execution
   author: DhiyaneshDk
   severity: critical
   description: |
@@ -24,7 +24,7 @@ info:
     max-request: 2
     shodan-query: http.favicon.hash:-1224668706
     fofa-query: "X-Spip-Cache"
-  tags: cve,cve2024,intrusive,spip,unauth
+  tags: cve,cve2024,intrusive,spip,rce
 
 flow: http(1) && http(2)
 
@@ -54,9 +54,9 @@ http:
         part: body
         group: 1
         name: formulaire
-        internal: true
         regex:
           - name=['"]formulaire_action_args['"]\s*type=['"]hidden['"]\s*value=['"]([^'"]+)['"]
+        internal: true
 
   - raw:
       - |
@@ -105,12 +105,10 @@ http:
 
     matchers-condition: and
     matchers:
-      - type: word
+      - type: regex
         part: body
-        words:
-          - "uid="
-          - "gid"
-        condition: and
+        regex:
+          - "uid=[0-9]+.*gid=[0-9]+.*"
 
       - type: status
         status: