CVE-2019-19781 PoC — Citrix Application Delivery Controller和Citrix Systems Gateway 路径遍历漏洞

Source

Associated Vulnerability

Description

This script checks the Citrix Netscaler if it has been compromised by CVE-2019-19781 attacks and collects all file system information

Readme

# CVE-NetScalerFileSystemCheck
This script checks the Citrix Netscaler if it has been compromised by CVE-2019-19781 attacks and collects all file system information.

The following files and logs will be checked (Latest version 1.13):
- Template folders for XML files
- Apache Access logfiles
- Apache Error logfiles
- Cron Jobs
- Backdoor Scripts
- Crypto Miner
- Bash logfiles

## Getting Started

The Output file will be created in the execution directory. 

### Prerequisites

CVE-NetScalerFileSystemCheck.ps1 needs [plink.exe](https://the.earth.li/~sgtatham/putty/latest/w64/plink.exe) in the execution directory and can be run your local computer. 

CVE-NetScalerFileSystemCheck.sh can be run your NetScaler appliance directly, e.g. under /var/tmp/.  

## Running the scripts

### CCVE-NetScalerFileSystemCheck.ps1

```
.\CVE-NetScalerFileSystemCheck.ps1 -NSIP [YourNetScalerIP]
```

### CCVE-NetScalerFileSystemCheck.sh

```
bash CVE-NetScalerFileSystemCheck.sh
```
## Credits
@manuelkolloff - https://nerdscaler.com/
#

Cheers,
[Daniel Weppeler](https://danielweppeler.de)

File Snapshot

 [4.0K]  /data/pocs/233e73a6de600b1478bc0455e75c52080579a2d6
├── [4.5K]  CVE-NetScalerFileSystemCheck.ps1
├── [1.3K]  CVE-NetScalerFileSystemCheck.sh
└── [1.1K]  README.md

0 directories, 3 files

Remarks