Skip to content

Latest commit

 

History

History
32 lines (23 loc) · 1.11 KB

README.md

File metadata and controls

32 lines (23 loc) · 1.11 KB

CVE-2023-24488

POC for CVE-2023-24488

Citrix Gateway Open Redirect and XSS (CVE-2023-24488)

URL query parameters are not adequately sanitised before they are placed into an HTTP Location header. An attacker can exploit this to create a link which, when clicked, redirects the victim to an arbitrary location. Alternatively the attacker can inject newline characters into the Location header, to prematurely end the HTTP headers and inject an XSS payload into the response body.

Install Requirements

pip3 install -r requirements.txt

Usage:

usage: python3 CVE-2023-24488.py [-h] (-u URL | -f FILE) [-o OUTPUT]
Example Command: # CVE-2023-24488.py -f ip.txt -o vulip.txt 

Check vulnerability to CVE-2023-24488

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     Single URL/IP to check vulnerability
  -f FILE, --file FILE  File containing list of URLs/IPs
  -o OUTPUT, --output OUTPUT
                        Output file to save vulnerable IPs

Code BY:

Piyush Kumawat: https://www.linkedin.com/in/piyush-kumawat/

Blog: securitycipher.com