CVE-2023-24488: Pre-Auth XSS in Citrix Gateway

DroobingNoob
Jul 4, 2023

First, let's discover the IPs associated with Citrix Gateways. Shodan is the best for this.
Shodan dork: http.title:"Citrix Gateway"

Shodan Search Results

Now we need to make a list of the IPs we find in the Shodan search results and store them in a file.

Next, go to this page: https://github.com/k00kx/nuclei-templates

You need to download the CVE-2023-24488.yaml file.

Now we will use Nuclei. If you don't have it installed:

sudo apt update

sudo apt install nuclei

Now use this command:

nuclei -t {path to the yaml file downloaded from github} -l {path to the iplist file}

This is one of the results I got:

There you go… successful Pre-Auth XSS….
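
Before the IP list from the steps above is handed to nuclei -l, it can be reduced to the address ranges you are authorized to test. The following is an added example, not part of the original post; the function name, the CIDR ranges and the sample list are constructed placeholders.

```python
import ipaddress

# Constructed placeholders (RFC 5737 documentation ranges): replace with the
# ranges you own or have written authorization to test.
AUTHORIZED_RANGES = ["192.0.2.0/24", "198.51.100.0/25"]

# Constructed sample of an IP list file; not real scan data.
SAMPLE_LIST = """\
# gateways collected from search results
192.0.2.10
192.0.2.10
198.51.100.200:443
203.0.113.7
gateway.example.com
198.51.100.5:8443
"""

def filter_in_scope(lines, authorized=AUTHORIZED_RANGES):
    """Return (in_scope, out_of_scope, invalid) lists of target entries."""
    networks = [ipaddress.ip_network(r) for r in authorized]
    in_scope, out_of_scope, invalid, seen = [], [], [], set()
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not entry or entry in seen:         # skip blanks and duplicates
            continue
        seen.add(entry)
        # IPv4 "ip:port" has exactly one colon; bare IPv6 has two or more.
        host = entry.split(":")[0] if entry.count(":") == 1 else entry
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            invalid.append(entry)              # hostnames, typos, CIDR blocks
            continue
        if any(addr in net for net in networks):
            in_scope.append(entry)
        else:
            out_of_scope.append(entry)
    return in_scope, out_of_scope, invalid

if __name__ == "__main__":
    ok, skipped, bad = filter_in_scope(SAMPLE_LIST.splitlines())
    print("scan:", ok)
    print("out of scope, not scanned:", skipped)
    print("not an IP, review by hand:", bad)
```

Only the first returned list should be written to the file passed to nuclei -l.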

Connect with me on LinkedIn and let's learn together :)

https://www.linkedin.com/in/aayush-dasgupta/
