Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-19781 PoC — Citrix Application Delivery Controller和Citrix Systems Gateway 路径遍历漏洞

Source
https://github.com/j81blog/ADC-19781
Associated Vulnerability
Title:Citrix Application Delivery Controller和Citrix Systems Gateway 路径遍历漏洞 (CVE-2019-19781)
Description:An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
Description
Check ADC for CVE-2019-19781
Readme
# ADC-19781
Several checks for CVE-2019-19781


## Module installation 
Download the two files (ADC-19781.psd1 & ADC-19781.psm1) and put them in one of the following locations:
- C:\Users\\%USERNAME%\Documents\WindowsPowerShell\Modules\ADC-19781
- C:\Program Files\WindowsPowerShell\Modules\ADC-19781

## Import Module
```powershell
Import-Module ADC-19781
```

There are two main functions:
- ADCFindIfHacked
- ADCCheckMitigation

### ADCFindIfHacked
Execute some test to find out if you are possibly hacked, this wil not give 100% certanty.
This is based on currently known facts.

This function requires the use of [Posh-SSH](https://www.powershellgallery.com/packages/Posh-SSH), please install before use.

```powershell
Install-Module Posh-SSH
```

```powershell
SYNTAX
    ADCFindIfHacked [-ManagementURL] <uri> [[-TimeOut] <int>] [-Credential] <pscredential> [[-LogFile] <string>] [-NoLog]
```

```powershell
EXAMPLE
    PS C:\> ADCFindIfHacked -ManagementURL "https://citrixnetscaler.domain.local"
```
```powershell
EXAMPLE
    PS C:\> ADCFindIfHacked -ManagementURL "https://citrixnetscaler.domain.local" -LogFile C:\Temp\ADCFindIfHacked.log
```
```powershell
EXAMPLE
    PS C:\> ADCFindIfHacked -ManagementURL "https://citrixnetscaler.domain.local" -NoLog
```
NOTE: You can optionaly specify the -Credential <Credential> parameter, if not credential will be asked.
NOTE: You can change the logfile location with the -LogFile Parameter or -NoLog if you don't want a logfile. By default a logfile "ADCFindIfHacked_yyyyMMdd-HHmmss.txt" will be created.
NOTE: If you have TimeOut issues you can specify the -TimeOut parameter, default value 300.

### ADCCheckMitigation
Check the Citrix ADC / NetScaler to verify if the mitigation is in place

```powershell
SYNTAX
    ADCCheckMitigation [-ManagementURL] <uri> [-Credential] <pscredential>
```

```powershell
EXAMPLE
    PS C:\> ADCCheckMitigation -ManagementURL "https://cns001.domain.local"
```
NOTE: You can optionaly specify the -Credential <Credential> parameter, if not credential will be asked.

### Unable to load Renci.SshNet
If you might receive the following error "Could not load file or assembly 'Renci.SshNet'" you can try to execute the following lines and restart your PowerShell Session.

```powershell
[System.Reflection.Assembly]::Load("System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")
$publish = New-Object System.EnterpriseServices.Internal.Publish
$publish.GacInstall("C:\Program Files\WindowsPowerShell\Modules\Posh-SSH\2.2\Assembly\Renci.SshNet.dll");
```
File Snapshot

 [4.0K]  /data/pocs/5e58295a8539871cbfb79865329752ec998d9983
├── [7.9K]  ADC-19781.psd1
├── [ 70K]  ADC-19781.psm1
├── [ 34K]  LICENSE
└── [2.5K]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →