CVE-2023-24489 PoC — Citrix Systems Content Collaboration Security Vulnerability

Source
Associated Vulnerability
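Title: Citrix Systems Content Collaboration Security Vulnerability (CVE-2023-24489)
Description: Citrix Systems Content Collaboration is a secure enterprise file sync and sharing service from the US company Citrix Systems. It addresses users' mobility and collaboration needs as well as enterprises' data security requirements. Citrix Systems Content Collaboration contains a security vulnerability that stems from improper resource control in the ShareFile StorageZones Controller.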
Description
This project is a Python script that exploits the CVE-2023-24489 vulnerability in ShareFile. It allows remote command execution on the target server. The script supports both Windows and Linux (Linux support is still being tested), and it can be used to exploit individual targets or perform mass checking on a list of URLs.
Readme
# ShareFile RCE (CVE-2023-24489)

This is a Python script that exploits a remote code execution vulnerability in the ShareFile application (CVE-2023-24489). This vulnerability allows an attacker to execute arbitrary commands on the target system.

## Usage

To use the script, follow the instructions below:

1. Install the required dependencies:
   ```bash
   pip install requests
   ```

2. Run the script with the desired options:

   ```bash
   python cve.py --host <target URL> [--windows | --linux] [--cmd <command>] [--mass-check <wordlist file>]
   ```

   The available options are:

   - `--host`: Specifies the URL of the target to exploit.
   - `--windows`: Specifies that the target system is running Windows.
   - `--linux`: Specifies that the target system is running Linux.
   - `--cmd`: Specifies the command to execute during exploitation (optional).
   - `--mass-check`: Specifies the path to the wordlist file for mass checking (optional).

   Note: Either the `--host` option or the `--mass-check` option must be provided.

## References
[https://blog.assetnote.io/2023/07/04/citrix-sharefile-rce/](https://blog.assetnote.io/2023/07/04/citrix-sharefile-rce/)

## Disclaimer

This script is provided for educational purposes only. You are responsible for using this script in compliance with applicable laws and regulations. The author assumes no responsibility for any unauthorized or malicious use of this script. You should only use this script on systems that you have proper authorization to access. Using this script on unauthorized systems is strictly prohibited and may result in legal consequences. Use it responsibly and at your own risk.
File Snapshot

[4.0K] /data/pocs/7f7fe8b4ebfaef801f403538dc7bae6f343df3e4
├── [7.9K] cve.py
├── [6.9K] LICENSE
└── [1.6K] README.md

0 directories, 3 files