CVE-2019-19781
Tags: CRITICAL, KEV, RANSOMWARE, NUCLEI
Citrix ADC (NetScaler) Directory Traversal Scanner
Title source: metasploit
Exploitation Summary
CVE-2019-19781 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021, with confirmed use in ransomware campaigns.
EIP tracks 51 public exploits from researchers including Dhiraj Mishra, mekhalleh, and Project Zero India, among them the Metasploit module auxiliary/scanner/http/citrix_dir_traversal.
A Nuclei detection template is also available.
AI-analyzed exploit summary: This NSE script checks for CVE-2019-19781, a path traversal vulnerability in Citrix ADC and Gateway. It sends an HTTP request to a specific path and checks the response for indicators of vulnerability.
Description
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
Exploits (51)
This NSE script checks for CVE-2019-19781, a path traversal vulnerability in Citrix ADC and Gateway. It sends an HTTP request to a specific path and checks the response for indicators of vulnerability.
This Metasploit module exploits a directory traversal vulnerability in Citrix ADC and Gateway to achieve remote code execution via template injection. It sends a crafted POST request to create a malicious template file, then triggers its execution via a GET request.
This script exploits CVE-2019-19781, a directory traversal vulnerability in Citrix ADC and Gateway, to achieve remote code execution by injecting a command into a template file and retrieving the output.
This repository contains a functional exploit (citrixmash.py) for CVE-2019-19781, a directory traversal vulnerability in Citrix ADC (NetScaler) leading to unauthenticated remote code execution. It also includes a scanner (cve-2019-19781_scanner.py) to detect vulnerable systems.
This repository contains a functional bash script that exploits CVE-2019-19781, a remote code execution vulnerability in Citrix Application Delivery Controller and Citrix Gateway. The exploit leverages directory traversal and template injection to execute arbitrary commands on vulnerable systems.
The repository contains a functional Python exploit for CVE-2019-19781, which allows unauthenticated remote code execution on Citrix ADC and Gateway devices. The exploit leverages directory traversal and template injection to execute arbitrary commands.
This repository contains a honeypot designed to detect and log scan and exploitation attempts for CVE-2019-19781, a directory traversal vulnerability in Citrix ADC. It emulates a vulnerable server to capture and analyze malicious requests.
This repository contains a Python-based scanner tool developed by CISA to detect the presence of CVE-2019-19781, a vulnerability in Citrix ADC and Gateway. The tool checks for indicators of the vulnerability but does not include exploit code.
This repository contains a forensic scanner developed by FireEye Mandiant and Citrix to detect indicators of compromise (IoCs) related to CVE-2019-19781. It analyzes logs, file system paths, shell history, and other artifacts for signs of exploitation but does not include exploit code.
This repository contains a functional Python exploit for CVE-2019-19781, a remote code execution vulnerability in Citrix Application Delivery Controller and Citrix Gateway. The exploit leverages a directory traversal and XML external entity injection to execute arbitrary commands on the target system.
This repository contains a forensic scanner developed by FireEye Mandiant and Citrix to detect indicators of compromise (IoCs) related to CVE-2019-19781 on Citrix ADC/Gateway appliances. It includes scripts to analyze logs, file system paths, shell history, crontab entries, and other artifacts for signs of exploitation.
This repository contains a Python script that scans for Citrix ADC systems vulnerable to CVE-2019-19781 by querying Shodan API and checking for the presence of a specific file path. It does not exploit the vulnerability but detects potential targets.
This repository contains a functional Python exploit for CVE-2019-19781, a directory traversal and template injection vulnerability in Citrix ADC/Netscaler. The exploit sends crafted HTTP requests to achieve unauthenticated remote code execution by leveraging template injection in the VPN portal.
This repository contains a functional exploit for CVE-2019-19781, a directory traversal vulnerability in Citrix ADC Netscaler that allows remote code execution. The exploit crafts malicious HTTP requests to execute arbitrary commands on the target system.
This repository contains a functional exploit script for CVE-2019-19781, a remote code execution vulnerability in Citrix Application Delivery Controller and Citrix Gateway. The script crafts a malicious HTTP request to execute arbitrary commands on the target system by exploiting a directory traversal and template injection flaw.
This repository provides a forensic script to detect traces of successful CVE-2019-19781 exploits on Citrix systems. It scans for XML template files, command execution traces, process listings, crontab entries, and web logs indicative of exploitation.
This repository contains a functional exploit script for CVE-2019-19781, a remote code execution vulnerability in Citrix Application Delivery Controller and Gateway. The script leverages a directory traversal and command injection flaw to execute arbitrary commands on vulnerable systems.
The repository contains minimal content with no actual exploit code, only a link to an external blog post and an image. This is characteristic of a social engineering lure rather than a legitimate PoC.
This repository provides PowerShell modules to detect if a Citrix ADC/NetScaler appliance is vulnerable to CVE-2019-19781 and to check if mitigations are in place. It includes functions for checking exploitation indicators and mitigation status.
This repository contains scripts to detect signs of compromise related to CVE-2019-19781 on Citrix NetScaler appliances. It checks for indicators such as malicious XML files, suspicious log entries, and unauthorized processes, but does not exploit the vulnerability.
This repository contains a Python script that scans for Citrix ADC systems vulnerable to CVE-2019-19781 by querying Shodan API and checking for the presence of a specific file path. It does not exploit the vulnerability but detects potentially vulnerable systems.
This repository contains a functional exploit for CVE-2019-19781, a remote command execution vulnerability in Citrix ADC. The PoC leverages directory traversal and template injection to execute arbitrary commands on the target system.
This repository contains a honeypot designed to detect and log exploitation attempts targeting CVE-2019-19781 in Citrix ADC. It does not include exploit code but simulates a vulnerable environment to capture malicious traffic.
The repository contains no exploit code or technical details, only a video link and social media references. It appears to be a lure for external content rather than a legitimate PoC.
This repository contains a scanner for CVE-2019-19781, which checks if Citrix appliances are vulnerable to directory traversal by sending a HEAD request to a specific endpoint. It uses Shodan for discovery and GeoLite2 for geolocation data.
This repository contains a functional Python exploit for CVE-2019-19781, a directory traversal and remote code execution vulnerability in Citrix ADC and Gateway. The exploit crafts a malicious Perl template injection payload to execute arbitrary commands on the target system and retrieves the output via a secondary request.
This repository contains a forensic triage script designed to detect signs of compromise related to CVE-2019-19781 on Citrix ADC devices. It collects logs, suspicious files, and process information to identify potential exploitation artifacts.
This repository contains a Python-based scanner for detecting CVE-2019-19781, a vulnerability in Citrix ADC and Gateway. The tool checks for the presence of the vulnerability but does not include exploit code.
This repository contains a functional Python exploit for CVE-2019-19781, a directory traversal vulnerability in Citrix ADC and Gateway that allows remote code execution. The exploit leverages improper path validation in the `/vpns/` endpoint to inject malicious Perl template code via crafted HTTP requests.
This repository provides a detailed DFIR (Digital Forensics and Incident Response) guide for CVE-2019-19781, a critical vulnerability in Citrix ADC (NetScaler). It includes forensic techniques, artifact locations, and detection methods for compromised systems, but does not contain exploit code.
This repository provides a detailed forensic analysis and DFIR (Digital Forensics and Incident Response) notes for CVE-2019-19781, a remote pre-auth arbitrary command execution vulnerability in Citrix NetScaler. It includes scripts for log analysis, IOCs (Indicators of Compromise), and Splunk-based detection methods.
This script scans for Citrix ADC/Gateway systems vulnerable to CVE-2019-19781 by checking for the presence of the 'lmhosts' string in the smb.conf file via a path traversal request. It does not exploit the vulnerability but identifies potentially vulnerable hosts.
This repository contains a functional exploit script for CVE-2019-19781, a remote code execution vulnerability in Citrix ADC and Gateway. The script uses a crafted HTTP request with template injection to execute arbitrary commands on the target system.
This repository contains a functional Python exploit for CVE-2019-19781, a directory traversal and remote code execution vulnerability in Citrix ADC and Gateway. The exploit uploads a malicious XML file via a crafted POST request and triggers command execution through template injection.
This repository contains a functional bash script that exploits CVE-2019-19781, a directory traversal vulnerability in Citrix ADC and Gateway, to achieve remote code execution. The exploit crafts a malicious request to execute arbitrary commands on the target system.
This repository contains a scanner for CVE-2019-19781, a path traversal vulnerability in Citrix ADC and Gateway. It checks for the presence of the vulnerability by attempting to access a specific file path and verifying the response content.
This repository provides a Jupyter notebook for forensic analysis of Citrix Netscaler hosts compromised via CVE-2019-19781. It includes log parsing, IOC detection, and payload decoding to aid in incident response.
The repository contains a Python script that enumerates subdomains and ASN information for a given domain to identify potential targets vulnerable to CVE-2019-19781. It does not include exploit code but rather performs reconnaissance to find vulnerable Citrix systems.
This repository is a honeypot designed to detect and log exploitation attempts for CVE-2019-19781 (Citrix ADC/NetScaler vulnerability). It simulates a vulnerable Citrix environment to capture and log scanning and exploitation attempts, including payloads and login attempts.
This repository contains a Python script that scans for Citrix ADC/Netscaler Gateway devices vulnerable to CVE-2019-19781 by querying Shodan and checking for the presence of a specific path disclosure endpoint. It does not exploit the vulnerability but detects potentially vulnerable hosts.
This repository contains a functional Metasploit module that exploits a directory traversal vulnerability in Citrix ADC (NetScaler) to achieve remote code execution. The exploit leverages improper path sanitization to access Perl scripts and inject malicious XML payloads.
This repository contains a Python script that scans for CVE-2019-19781, a path traversal vulnerability in Citrix ADC and Gateway. The script checks for the presence of a sensitive file (`smb.conf`) via a crafted HTTP request and logs vulnerable IPs.
This PowerShell script checks for CVE-2019-19781 by attempting to access a sensitive file via a path traversal vulnerability in Citrix ADC. It does not exploit the vulnerability but detects its presence.
This repository contains a multithreaded scanner for detecting Citrix appliances vulnerable to CVE-2019-19781. It uses a HEAD request to check for a specific content-length header response to reduce false positives and includes features like IDS evasion via ASCII encoding.
This repository provides Indicators of Compromise (IOCs) related to CVE-2019-19781, including IP addresses and whois results from a honeypot analysis. It references a blog post discussing the exploit but does not contain functional exploit code.
The repository claims to check for CVE-2019-19781 but provides no actual exploit code. Instead, it directs users to an external website (citrix-checker.com) and includes generic mitigation steps without technical details about the vulnerability itself.
This repository contains a functional exploit for CVE-2019-19781, a remote code execution vulnerability in Citrix Netscaler. The exploit leverages a directory traversal and template injection flaw to execute arbitrary commands on the target system.
The repository contains a functional Python exploit for CVE-2019-19781, a directory traversal vulnerability in Citrix ADC and Gateway. The exploit leverages improper path validation in the /vpns/ endpoint to achieve remote code execution by injecting malicious templates via the newbm.pl script.
This Metasploit module scans for CVE-2019-19781, a directory traversal vulnerability in Citrix ADC (NetScaler). It attempts to retrieve the smb.conf file via a crafted path and checks for the presence of a '[global]' directive to confirm vulnerability.
This Metasploit module exploits a directory traversal vulnerability (CVE-2019-19781) in Citrix ADC (NetScaler) to achieve remote code execution by leveraging a path traversal in the `/vpn/../vpns/portal/scripts/newbm.pl` endpoint to write and execute arbitrary commands.
Nuclei Templates (1)
References (11)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H