关联漏洞
标题:
Citrix Systems Citrix Gateway和Citrix ADC 跨站脚本漏洞
(CVE-2023-24488)
描述:Citrix Systems Citrix Gateway(Citrix Systems NetScaler Gateway)和Citrix ADC都是美国思杰系统(Citrix Systems)公司的产品。Citrix Gateway是一套安全的远程接入解决方案。该产品可为管理员提供应用级和数据级管控功能,以实现用户从任何地点远程访问应用和数据。Citrix ADC是一个最全面的应用程序交付和负载平衡解决方案。用于实现应用程序安全性、整体可见性和可用性。 Citrix ADC 和 Citrix Gate
描述
POC for CVE-2023-24488
介绍
# CVE-2023-24488
### POC for CVE-2023-24488
### Citrix Gateway Open Redirect and XSS (CVE-2023-24488)
URL query parameters are not adequately sanitised before they are placed into an HTTP Location header. An attacker can exploit this to create a link which, when clicked, redirects the victim to an arbitrary location. Alternatively the attacker can inject newline characters into the Location header, to prematurely end the HTTP headers and inject an XSS payload into the response body.
## Install Requirements
```
pip3 install -r requirements.txt
```
## Usage:
```
usage: python3 CVE-2023-24488.py [-h] (-u URL | -f FILE) [-o OUTPUT]
Example Command: # CVE-2023-24488.py -f ip.txt -o vulip.txt
Check vulnerability to CVE-2023-24488
optional arguments:
-h, --help show this help message and exit
-u URL, --url URL Single URL/IP to check vulnerability
-f FILE, --file FILE File containing list of URLs/IPs
-o OUTPUT, --output OUTPUT
Output file to save vulnerable IPs
```
Code BY:
Piyush Kumawat: [https://www.linkedin.com/in/piyush-kumawat/](url)
Blog: [securitycipher.com](url)
文件快照
[4.0K] /data/pocs/419966b28339556a5567b1920ad80e73ca340387
├── [2.8K] CVE-2023-24488.py
├── [1.1K] README.md
└── [ 18] requirements.txt
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。