POC for CVE-2023-24488# CVE-2023-24488
### POC for CVE-2023-24488
### Citrix Gateway Open Redirect and XSS (CVE-2023-24488)
URL query parameters are not adequately sanitised before they are placed into an HTTP Location header. An attacker can exploit this to create a link which, when clicked, redirects the victim to an arbitrary location. Alternatively the attacker can inject newline characters into the Location header, to prematurely end the HTTP headers and inject an XSS payload into the response body.
## Install Requirements
```
pip3 install -r requirements.txt
```
## Usage:
```
usage: python3 CVE-2023-24488.py [-h] (-u URL | -f FILE) [-o OUTPUT]
Example Command: # CVE-2023-24488.py -f ip.txt -o vulip.txt
Check vulnerability to CVE-2023-24488
optional arguments:
-h, --help show this help message and exit
-u URL, --url URL Single URL/IP to check vulnerability
-f FILE, --file FILE File containing list of URLs/IPs
-o OUTPUT, --output OUTPUT
Output file to save vulnerable IPs
```
Code BY:
Piyush Kumawat: [https://www.linkedin.com/in/piyush-kumawat/](url)
Blog: [securitycipher.com](url)
[4.0K] /data/pocs/419966b28339556a5567b1920ad80e73ca340387
├── [2.8K] CVE-2023-24488.py
├── [1.1K] README.md
└── [ 18] requirements.txt
0 directories, 3 files