POC for Citrix NetScaler CVE-2023-4966
This Python script exploits CVE-2023-4966, a critical vulnerability in Citrix ADC instances that allows unauthenticated attackers to leak session tokens. The vulnerability is assigned a CVSS score of 9.4 and is remotely exploitable without user interaction. Citrix NetScaler appliances configured as Gateways (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual servers are vulnerable to this attack.
$ OPENSSL_CONF=./openssl.cnf python3.10 exploit.py -h
-u URL, --url URL
Specify the Citrix ADC / Gateway target (e.g., https://192.168.1.200).-f FILE, --file FILE
Provide a file containing a list of target URLs (one URL per line).-o OUTPUT, --output OUTPUT
Specify the file to save the output results.-v, --verbose
Enable verbose mode.--only-valid
Only show results with valid session tokens.
For a single target:
$ OPENSSL_CONF=./openssl.cnf python3.10 exploit.py -u https://target.example.com
For multiple targets listed in a file:
$ OPENSSL_CONF=./openssl.cnf python3.10 exploit.py -f targets.txt --only-valid
This script is provided for educational and research purposes only. Use it responsibly and only on systems you have permission to test.
Senpaisamp, Italy