CVE-2019-19781 PoC — Citrix Application Delivery Controller和Citrix Systems Gateway 路径遍历漏洞

Source

https://github.com/onSec-fr/CVE-2019-19781-Forensic

Associated Vulnerability

Title:Citrix Application Delivery Controller和Citrix Systems Gateway 路径遍历漏洞 (CVE-2019-19781)
Description:An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.

Description

Automated forensic script hunting for cve-2019-19781

Readme

# CVE-2019-19781-Forensic

## Note : My advice is now to use the official tool published by fireeye & citrix : https://github.com/fireeye/ioc-scanner-CVE-2019-19781

##### This little script was created to help security analyst to discover traces of successful CVE-2019-19781 exploits on their systems.
Feel free to fork and improve !
You can find an example of output on a compromised system : [output_demo.txt](https://github.com/onSec-fr/CVE-2019-19781-Forensic/blob/master/output_demo.txt "output_demo.txt").
##### Usage

1- Login on your Citrix Gateway with nsroot (or other high privileged account).

2- Download the script : 
`curl -o CVE-2019-19781-Forensic.sh https://raw.githubusercontent.com/onSec-fr/CVE-2019-19781-Forensic/master/script.sh`

3- Make it executable :
`chmod +x CVE-2019-19781-Forensic.sh`

4- Specify an output filename : 
`./CVE-2019-19781-Forensic.sh <output>`

5- Done !

File Snapshot


 [4.0K]  /data/pocs/58b4b2cca0d2d871503cf423a822001c7a7c1e3b
├── [1.0K]  LICENSE
├── [ 32K]  output_demo.txt
├── [ 902]  README.md
└── [2.2K]  script.sh

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!