diff --git a/http/cves/2024/CVE-2024-34982.yaml b/http/cves/2024/CVE-2024-34982.yaml
index daf62d8e178..886575b43cf 100644
--- a/http/cves/2024/CVE-2024-34982.yaml
+++ b/http/cves/2024/CVE-2024-34982.yaml
@@ -19,11 +19,13 @@ info:
     product: lylme_spage
     fofa-query: icon_hash="-282504889"
   tags: cve,cve2024,lylme-spage,rce,intrusive
-flow: http(1) && http(2)
+
 variables:
   string: "{{randstr}}"
   filename: "{{to_lower(rand_text_alpha(5))}}"
 
+flow: http(1) && http(2)
+
 http:
   - raw:
       - |
@@ -44,8 +46,10 @@ http:
         words:
           - '"code":'
           - '"msg":'
+          - '"url":'
           - 'php"}'
         condition: and
+        internal: true
 
       - type: status
         status:
@@ -71,4 +75,4 @@ http:
           - 'contains(body, "{{string}}" )'
           - 'contains(header, "text/html")'
         condition: and
-# digest: 4a0a00473045022100d6aa315d5179da098583ea0872b86fe414cbc4cda8301de18ddfafb2a93013ae0220177931a6619243ead54124a71f081a30a8e952360d780e51afa8290a31cff24d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d6aa315d5179da098583ea0872b86fe414cbc4cda8301de18ddfafb2a93013ae0220177931a6619243ead54124a71f081a30a8e952360d780e51afa8290a31cff24d:922c64590222798bb761d5b6d8e72950