Here is an example of a template that performs a path traversal to access the CRXDE Panel

{
  "requests": {
    "path": "/content/..;/crx/de/index.jsp",
    "method": "GET"
  },
  "responses": {
    "matchers-condition": "and",
    "matchers": [
      {
        "type": "word",
        "words": ["CRXDE Lite"]
      },
      {
        "type": "status",
        "status": [200]
      }
    ]
  }
}

Requests

path
string
required

The http path

method
string
required

The http method

headers
array

Responses

matchers-condition
string
required

The matcher condition:

  • and will make sure all matches are true for a valid finding
  • or will make sure one or more matches are true for a valid finding
matchers
array
Vulnerability Scanning