Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-4966 PoC — Unauthenticated sensitive information disclosure

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/citrix/citrix-oob-memory-read.yaml
Associated Vulnerability
Title:Unauthenticated sensitive information disclosure (CVE-2023-4966)
Description:Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.
Description
The vulnerability would enable an attacker to remotely obtain sensitive information from a NetScaler appliance configured as a Gateway or AAA virtual server via a very commonly connected Web interface, and without requiring authentication. This bug is nearly identical to the Citrix Bleed vulnerability (CVE-2023-4966), except it is less likely to return highly sensitive information to an attacker.
File Snapshot

 id: citrix-oob-memory-read

info:
  name: Citrix Netscaler ADC & Gateway v13.1-50.23 - Out-Of-Bounds

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →