Bug Hunting: CVE-2019-19781 (Remote Code Execution)
What is CVE-2019-19781?
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
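A defender-side illustration of the directory traversal class named above, added here and not code from the original post or from the scanner it mentions: it flags access-log requests whose `..` segments (plain or percent-encoded) leave the top-level directory they start in. The log format, paths and IP addresses are constructed assumptions, not Citrix ADC specifics.

```python
import re
from urllib.parse import unquote

# Request part of a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Jan/2020:10:00:01 +0000] "GET /portal/index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [16/Jan/2020:10:00:02 +0000] "GET /portal/../internal/config.xml HTTP/1.1" 200 90',
    '192.0.2.10 - - [16/Jan/2020:10:00:03 +0000] "GET /portal/css/../js/app.js HTTP/1.1" 200 2048',
    '203.0.113.9 - - [16/Jan/2020:10:00:04 +0000] "POST /portal/%2e%2e/internal/status?x=1 HTTP/1.1" 403 0',
]

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so %2e%2e and double-encoded %252e%252e become '..'."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def is_traversal(target):
    """True if '..' segments move the request out of the top-level directory it first names."""
    path = decode_fully(target.split("?", 1)[0]).replace("\\", "/")
    segments = [s for s in path.split("/") if s not in ("", ".")]
    if ".." not in segments:
        return False
    stack, escaped = [], False
    for seg in segments:
        if seg != "..":
            stack.append(seg)
        elif stack:
            stack.pop()
        else:
            escaped = True  # climbed above the web root
    return escaped or not stack or stack[0] != segments[0]

def suspicious_requests(log_lines):
    """Return (client_ip, raw_target) for each line whose request target is a traversal."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match and is_traversal(match.group("target")):
            hits.append((line.split(" ", 1)[0], match.group("target")))
    return hits

if __name__ == "__main__":
    for ip, target in suspicious_requests(SAMPLE_LOG):
        print(ip, target)
```

A `..` that stays inside the same top-level directory (the third sample line) is not flagged, which keeps ordinary relative asset links out of the results.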
As stated above, all Citrix ADC releases in the versions listed are vulnerable to this attack. While working on a target, I was enumerating its list of IP addresses.
How to find the IP address of a target?
- MassDNS: a simple high-performance DNS stub resolver targeting those who seek to resolve a massive amount of domain…
- Censys: See Your Entire Attack Surface in Real-Time. Get a current view of all of your organization's assets so you can…
- IPInfo.io: Comprehensive IP address data, IP geolocation API and database. With IPinfo, you can pinpoint your users' locations, customize their experiences, prevent fraud, ensure compliance, and…
- Shodan: servers located around the world that crawl the Internet 24/7 to provide the latest Internet intelligence…
Using the above methods, one can identify the list of IP addresses of a target application. I initially collected the IP address details and then planned to look for the vulnerable machine.
There is a GitHub link available to identify a list of machines vulnerable to the CVE-2019-19781 attack.
This was only uploaded due to other researchers publishing their code first. We would have hoped to have had this…
- Identify the list of IP addresses of the target application
- Run the vulnerability scanner from the above GitHub link and check whether the machine is vulnerable or not
To check the vulnerability using the scanner:
As shown above, the machine was found to be vulnerable to remote code execution attacks.
- Reported RCE on 16-Jan-2020
- 17-Jan-2020: bug was marked as a duplicate finding. No bounty :-)