CVE-2023-24488 PoC — Cross site scripting

Source

https://github.com/securitycipher/CVE-2023-24488

Associated Vulnerability

Title:Cross site scripting (CVE-2023-24488)
Description:Cross site scripting vulnerability in Citrix ADC and Citrix Gateway  in allows and attacker to perform cross site scripting

Description

POC for CVE-2023-24488

Readme

# CVE-2023-24488
### POC for CVE-2023-24488

### Citrix Gateway Open Redirect and XSS (CVE-2023-24488)
URL query parameters are not adequately sanitised before they are placed into an HTTP Location header. An attacker can exploit this to create a link which, when clicked, redirects the victim to an arbitrary location. Alternatively the attacker can inject newline characters into the Location header, to prematurely end the HTTP headers and inject an XSS payload into the response body.

## Install Requirements 
```
pip3 install -r requirements.txt
```

## Usage:
```
usage: python3 CVE-2023-24488.py [-h] (-u URL | -f FILE) [-o OUTPUT]
Example Command: # CVE-2023-24488.py -f ip.txt -o vulip.txt 

Check vulnerability to CVE-2023-24488

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     Single URL/IP to check vulnerability
  -f FILE, --file FILE  File containing list of URLs/IPs
  -o OUTPUT, --output OUTPUT
                        Output file to save vulnerable IPs

```

Code BY:

Piyush Kumawat: [https://www.linkedin.com/in/piyush-kumawat/](url)

Blog: [securitycipher.com](url)

File Snapshot


 [4.0K]  /data/pocs/419966b28339556a5567b1920ad80e73ca340387
├── [2.8K]  CVE-2023-24488.py
├── [1.1K]  README.md
└── [  18]  requirements.txt

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!