Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-19781 PoC — Citrix Application Delivery Controller和Citrix Systems Gateway 路径遍历漏洞

Source
https://github.com/DanielWep/CVE-NetScalerFileSystemCheck
Associated Vulnerability
Title:Citrix Application Delivery Controller和Citrix Systems Gateway 路径遍历漏洞 (CVE-2019-19781)
Description:Citrix Systems NetScaler Gateway(Citrix Systems Gateway)和Citrix Application Delivery Controller(ADC)都是美国思杰系统(Citrix Systems)公司的产品。Citrix Systems NetScaler Gateway是一套安全的远程接入解决方案。该方案可为管理员提供应用级和数据级管控功能,以实现用户从任何地点远程访问应用和数据。Citrix Application Delivery Controll
Description
This script checks the Citrix Netscaler if it has been compromised by CVE-2019-19781 attacks and collects all file system information
Readme
# CVE-NetScalerFileSystemCheck
This script checks the Citrix Netscaler if it has been compromised by CVE-2019-19781 attacks and collects all file system information.

The following files and logs will be checked (Latest version 1.13):
- Template folders for XML files
- Apache Access logfiles
- Apache Error logfiles
- Cron Jobs
- Backdoor Scripts
- Crypto Miner
- Bash logfiles

## Getting Started

The Output file will be created in the execution directory. 

### Prerequisites

CVE-NetScalerFileSystemCheck.ps1 needs [plink.exe](https://the.earth.li/~sgtatham/putty/latest/w64/plink.exe) in the execution directory and can be run your local computer. 

CVE-NetScalerFileSystemCheck.sh can be run your NetScaler appliance directly, e.g. under /var/tmp/.  

## Running the scripts

### CCVE-NetScalerFileSystemCheck.ps1

```
.\CVE-NetScalerFileSystemCheck.ps1 -NSIP [YourNetScalerIP]
```

### CCVE-NetScalerFileSystemCheck.sh

```
bash CVE-NetScalerFileSystemCheck.sh
```
## Credits
@manuelkolloff - https://nerdscaler.com/
#

Cheers,
[Daniel Weppeler](https://danielweppeler.de)
File Snapshot

 [4.0K]  /data/pocs/233e73a6de600b1478bc0455e75c52080579a2d6
├── [4.5K]  CVE-NetScalerFileSystemCheck.ps1
├── [1.3K]  CVE-NetScalerFileSystemCheck.sh
└── [1.1K]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.