CVE-2015-2838

Citrix NetScaler - Cross-Site Request Forgery via Nitro API

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2838. PoCs published by Han Sahin.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in the NITRO SDK's xen_hotfix page, allowing arbitrary command execution with elevated privileges (nsroot) via the file_name parameter. The PoC includes a crafted HTML form and direct HTTP POST requests to exploit the vulnerability.

Description

Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.

Exploits (1)

exploitdb WORKING POC

by Han Sahin · textwebappslinux

https://www.exploit-db.com/exploits/36442

View Code ZIP pw:eip

This exploit demonstrates a command injection vulnerability in the NITRO SDK's xen_hotfix page, allowing arbitrary command execution with elevated privileges (nsroot) via the file_name parameter. The PoC includes a crafted HTML form and direct HTTP POST requests to exploit the vulnerability.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Citrix NetScaler SDX svm-10.5-50-1.9

Auth required

Prerequisites: Access to a logged-in admin user's session · Network access to the target SDX appliance

MITRE ATT&CK