Add: new testbed for XWiki_CVE_2025_24893

[a3vX]

Dear Tsunami Team,

This is a testbed for CVE-2025-24893
For the following plugin: google/tsunami-security-scanner-plugins#666

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[leonardo-doyensec]

Hello @a3vX,
thank you for your contribution. I'm noticing that the testbed lacks the steps to reproduce the issue manually. Please add them.

Feel free to reach out
~ Leonardo (Doyensec)

[a3vX]

Hello @leonardo-doyensec,

Thanks for your message.

I’ve written in the README.md file all detailed steps to install XWiki manually.
On the other hand, each step to set up the docker is documented as well in the Dockerfile.

In addition to the XWiki-CVE-2024-21650 testbed, I provided a Python script to automate the UI installation process. If needed, this automation script can be easily deactivated by switching the "CMD" directive in the Dockerfile.

What is missing exactly?
I'll be happy to improve the testbed if needed.

~a3vX

[leonardo-doyensec]

Hello @a3vX,
the testbed is lacking the steps to reproduce the issue manually. Ideally you should provide a python script (or some bash command) that everyone can use to check that the issue exists in the testbed, without running the plugin.

You can take this as an example.

Moreover i've noticed that the steps to run the testbed are wrong. By supplying --build-arg JAVA_VERSION=11 the docker build fails. Please address this issue too.

Feel free to reach out
~ Leonardo (Doyensec)

[a3vX]

Hello @leonardo-doyensec.

Thanks for your feedback.
I just submitted a new commit 6ba4756 to take into account the requested changes.

Feel free to ask if anything else is needed.

--a3vX