CVE-2020-8300 PoC — Citrix Systems Citrix Application Delivery Controller 安全漏洞

Source

https://github.com/stuartcarroll/CitrixADC-CVE-2020-8300

Associated Vulnerability

Title:Citrix Systems Citrix Application Delivery Controller 安全漏洞 (CVE-2020-8300)
Description:Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.

Description

Detect Citrix ADC SAML action or SAML iDP Profile config vulnerable to CVE-2020-8300 using Citrix ADC NITRO API

Readme


Detect Citrix ADC SAML action or SAML iDP Profile config vulnerable to CVE-2020-8300 using Citrix ADC NITRO API

![image](https://user-images.githubusercontent.com/8889050/122010412-03b58580-cdb3-11eb-9708-9a027d871070.png)


EXAMPLE
& '.\CitrixADC-CVE-2020-8300.ps1' -NSIPProtocol http -NSIP 10.10.10.10 -user nitro -pass "SshhhItsASecret"


If this proves useful to anyone I will develop further with the following functionality:

- Identify bindings for SAML Actions and SAML iDP Profiles to identify if and where they are in use
- Detect vulnerable firmware versions by seeing if the relaystaterule and acsurlrule parameters can be set

File Snapshot


 [4.0K]  /data/pocs/710e7b66c1e1d62bbe5d46a07cfe715c7f87da45
├── [4.1K]  CitrixADC-CVE-2020-8300.ps1
└── [ 642]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!