CVE-2023-3519
Tags: CRITICAL, KEV, RANSOMWARE, NUCLEI
Citrix NetScaler ADC and Gateway - Unauthenticated Remote Code Execution
Title source: manual
Exploitation Summary
CVE-2023-3519 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added July 19, 2023, with confirmed use in ransomware campaigns.
EIP tracks 18 public exploits from researchers including BishopFox, securekomodo and mandiant, among them a Metasploit module, exploits/freebsd/http/citrix_formssso_target_rce.
A Nuclei detection template is also available.
AI-analyzed exploit summary
This exploit targets CVE-2023-3519 in Citrix ADC, leveraging a stack-based buffer overflow to achieve remote code execution. It deploys shellcode that creates a PHP backdoor and sets SUID on /bin/sh, then fetches and executes a remote payload.
Description
Unauthenticated remote code execution
Exploits (18)
This exploit targets CVE-2023-3519 in Citrix ADC, leveraging a stack-based buffer overflow to achieve remote code execution. It deploys shellcode that creates a PHP backdoor and sets SUID on /bin/sh, then fetches and executes a remote payload.
The repository contains a Python-based vulnerability scanner for detecting CVE-2023-3519 in Citrix Gateways. It performs passive analysis and fingerprinting to assess vulnerability status, including checks for patched versions and optional IOC detection for web shells.
This repository contains a Bash-based IoC scanner developed by Mandiant to detect compromises related to CVE-2023-3519 in Citrix ADC appliances. It checks for known malware paths, shell history, malicious terms, crontab entries, and processes.
This repository contains a Python script that checks for the presence of CVE-2023-3519 in Citrix Gateways/ADCs by analyzing the 'Last-Modified' HTTP header timestamp. It compares the timestamp against known patched versions to determine potential vulnerability.
This PowerShell script scans for Citrix NetScaler servers and checks the 'Last-Modified' HTTP header to detect potentially vulnerable instances of CVE-2023-3519. It does not exploit the vulnerability but identifies outdated systems that may be at risk.
This repository contains a Nuclei template for detecting CVE-2023-3519, a vulnerability in Citrix ADC and Gateway appliances that allows unauthenticated remote code execution. The template checks for the presence of the vulnerability by comparing the 'Last-Modified' header in the server response to known patched versions.
This repository contains a functional exploit for CVE-2023-3519, targeting Citrix ADC (specifically VPX 13.1-48.47). The exploit leverages a remote code execution vulnerability by crafting a payload with shellcode and a callback URL, setting up a PHP backdoor and escalating privileges via SUID manipulation.
This PoC exploits a stack overflow vulnerability in Citrix Gateway (CVE-2023-3519) to achieve remote code execution. It uses a crafted HTTP request with shellcode to create a reverse shell via a PHP file and SUID binary.
This is a functional exploit for CVE-2023-3519, targeting Citrix ADC/Gateway. It leverages a buffer overflow vulnerability to achieve remote code execution by crafting a malicious HTTP request with embedded shellcode.
This is a functional exploit for CVE-2023-3519, targeting Citrix ADC (VPX 13.1-48.47). It leverages a stack-based buffer overflow to achieve remote code execution by injecting shellcode that creates a PHP backdoor and sets SUID on /bin/sh.
This repository contains a C# scanner for detecting Citrix NetScaler servers and checking the Last-Modified header to identify potentially vulnerable systems based on the age of the timestamp. It does not exploit CVE-2023-3519 but scans for indicators of outdated software.
This repository contains a Python script that checks for the presence of Citrix ADC by analyzing the 'Last-Modified' HTTP header to determine if the system might be vulnerable to CVE-2023-3519. It does not exploit the vulnerability but scans for potential indicators.
This repository contains a Nuclei template and a mock server to detect unpatched systems vulnerable to CVE-2023-3519 by checking for a buffer processing issue in Citrix NetScaler VPX. It does not exploit the vulnerability but scans for its presence.
This repository contains a Python script that checks for the presence of CVE-2023-3519 in Citrix Gateways/ADCs by analyzing the 'Last-Modified' HTTP header timestamp. It compares the timestamp against known patched versions to determine if the target is potentially vulnerable.
This repository contains a Python script that scans for NetScaler (Citrix ADC) servers potentially vulnerable to CVE-2023-3519 by checking the Last-Modified header in HTTP responses. It identifies Citrix servers and flags those with outdated timestamps (older than 15 days).
This repository contains a functional exploit for CVE-2023-3519, a stack overflow vulnerability in Citrix Gateway. The exploit uses a crafted HTTP GET request with a long padding and a JMP ESP instruction to trigger the overflow and execute shellcode, which creates a reverse shell.
The repository contains functional exploit code for CVE-2023-3519, a Citrix NetScaler vulnerability, including both detection and exploitation scripts. The exploit leverages SAML authentication bypass to achieve remote code execution (RCE).
This Metasploit module exploits a stack buffer overflow in Citrix ADC (NetScaler) Forms SSO to achieve unauthenticated remote code execution as root via a crafted HTTP GET request.
Nuclei Templates (1)
http.title:"citrix gateway" || title:"netscaler gateway"
title="netscaler aaa" || title="citrix gateway" || title:"netscaler gateway"
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H