DimitriNL / CTX-CVE-2020-7473

Citrix Sharefile vulnerability check and fast research details

CTX-CVE-2020-7473

Citrix Sharefile Vulnerability check

Fast Research details CTX-CVE-2020-7473
Made on 2020.04.16

Vulnerability check:
Open in a web browser
https://yoursharefileserver.companyname.com/UploadTest.aspx
Or
curl https://yoursharefileserver.companyname.com/UploadTest.aspx --path-as-is

Blank page = Server vulnerable
Error 404 = server has been patched

Notes:
Output can be different if the server is behind a WAF/Netscaler:
https://docs.citrix.com/en-us/storage-zones-controller/5-0/install/sf-deploy-cfg-netscaler.html
Credit: https://twitter.com/chris_e_tweets
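
Added example (not part of the original README): a small POSIX shell wrapper around the curl check above for your own server. It applies the blank page / 404 rule and reports anything else as inconclusive, which covers the WAF/Netscaler note. The function names and verdict strings are hypothetical, and "blank page" is assumed to mean HTTP 200 with no non-whitespace content.

```shell
#!/bin/sh
# Added example, not from the original README.
# Function names and verdict strings are hypothetical.

# classify_uploadtest STATUS VISIBLE_BYTES
# STATUS: HTTP status code; VISIBLE_BYTES: non-whitespace bytes in the body.
classify_uploadtest() {
    status=$1
    visible=$2
    case "$status" in
        404)
            echo "patched" ;;            # README: Error 404 = patched
        200)
            if [ "$visible" -eq 0 ]; then
                echo "vulnerable"        # README: blank page = vulnerable (assumed: 200, empty body)
            else
                echo "inconclusive"      # page has content, e.g. a WAF/Netscaler page
            fi ;;
        *)
            echo "inconclusive" ;;       # redirect, 401/403, 5xx, or no response (000)
    esac
}

# check_uploadtest BASE_URL: fetch UploadTest.aspx from your own server and classify it.
check_uploadtest() {
    base=${1%/}
    body=$(mktemp) || return 2
    status=$(curl -s --path-as-is --max-time 15 -o "$body" \
        -w '%{http_code}' "$base/UploadTest.aspx") || status=000
    visible=$(tr -d ' \t\r\n' < "$body" | wc -c | tr -d ' ')
    rm -f "$body"
    echo "HTTP $status, $visible visible bytes: $(classify_uploadtest "$status" "$visible")"
}

# Run the network check only when a base URL is given as the first argument.
if [ "$#" -ge 1 ]; then
    check_uploadtest "$1"
fi
```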

Important changes after running the mitigation tool:
Changes web.config
Deletes files UploadTest.aspx & XmlFeed.aspx

Installed:
AjaxControlToolkit
2013.12.14 | Version: 4.1.7.1213

Citrix mitigation tool & details:
CVE-2020-7473 - CVE-2020-8982 - CVE-2020-8983
https://support.citrix.com/article/CTX269106

Credits to the Danske Bank Red-Team


Do you have more tips? Let me know on my Twitter and I will put it in this document.
My Twitter: https://twitter.com/dimitrinl
