.. / CVE-2023-4966

Exploit for Citrix Bleed - Leaking Session Tokens (CVE-2023-4966)

Description:

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.

Nuclei Template

View the template here CVE-2023-4966.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-4966.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-4966
https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/
https://github.com/assetnote/exploits/blob/main/citrix/CVE-2023-4966/exploit.py
https://x.com/assetnote/status/1716757539323564196?s=20
https://github.com/Chocapikk/CVE-2023-4966
https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966