CVE-2019-19781 PoC — Citrix Application Delivery Controller和Citrix Systems Gateway 路径遍历漏洞

Source

Associated Vulnerability

Description

Automated forensic script hunting for cve-2019-19781

Readme

# CVE-2019-19781-Forensic

## Note : My advice is now to use the official tool published by fireeye & citrix : https://github.com/fireeye/ioc-scanner-CVE-2019-19781

##### This little script was created to help security analyst to discover traces of successful CVE-2019-19781 exploits on their systems.
Feel free to fork and improve !
You can find an example of output on a compromised system : [output_demo.txt](https://github.com/onSec-fr/CVE-2019-19781-Forensic/blob/master/output_demo.txt "output_demo.txt").
##### Usage

1- Login on your Citrix Gateway with nsroot (or other high privileged account).

2- Download the script : 
`curl -o CVE-2019-19781-Forensic.sh https://raw.githubusercontent.com/onSec-fr/CVE-2019-19781-Forensic/master/script.sh`

3- Make it executable :
`chmod +x CVE-2019-19781-Forensic.sh`

4- Specify an output filename : 
`./CVE-2019-19781-Forensic.sh <output>`

5- Done !

File Snapshot

 [4.0K]  /data/pocs/58b4b2cca0d2d871503cf423a822001c7a7c1e3b
├── [1.0K]  LICENSE
├── [ 32K]  output_demo.txt
├── [ 902]  README.md
└── [2.2K]  script.sh

0 directories, 4 files

Remarks