## https://sploitus.com/exploit?id=022050AE-DDB6-5292-9E52-2800C96C5E0F
# CVE-2023-24488
### POC for CVE-2023-24488

### Citrix Gateway Open Redirect and XSS (CVE-2023-24488)
URL query parameters are not adequately sanitised before they are placed into an HTTP Location header. An attacker can exploit this to create a link which, when clicked, redirects the victim to an arbitrary location. Alternatively, the attacker can inject newline characters into the Location header to end the HTTP headers prematurely and inject an XSS payload into the response body.
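
The flaw class described above, shown as the vulnerable header-building pattern beside a hardened check. This is an added example, not code from this PoC or from Citrix; `naive_redirect`, `safe_location`, `split_response` and the `ALLOWED_HOSTS` value are hypothetical names chosen for illustration, and the sample input is constructed.

```python
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"gateway.example.com"}  # assumption: the only external redirect host

def naive_redirect(target: str) -> bytes:
    # Vulnerable pattern: decoded query value copied into Location unchanged.
    return f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n\r\n".encode()

def safe_location(target: str) -> str:
    """Return a value that is safe to emit in Location, else the fallback '/'."""
    # CR/LF or any other control character could terminate the header early.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target) or "\\" in target:
        return "/"
    try:
        parts = urlsplit(target)
        host = parts.hostname
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return "/"
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: allow only https to listed hosts.
        ok = parts.scheme == "https" and host in ALLOWED_HOSTS
        return target if ok else "/"
    # Relative target: must be a path rooted at a single slash.
    return target if target.startswith("/") and not target.startswith("//") else "/"

def split_response(raw: bytes):
    """Split raw response bytes the way a client does: headers, then body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    return head.split(b"\r\n")[1:], body

# Constructed input: value as seen after URL-decoding, with a harmless marker.
BAD = "/home\r\n\r\nINJECTED"

if __name__ == "__main__":
    print(split_response(naive_redirect(BAD)))
    print(split_response(naive_redirect(safe_location(BAD))))
```

With the naive builder the marker lands in the response body; with `safe_location` the body stays empty and off-host targets fall back to `/`.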

## Install Requirements 
```
pip3 install -r requirements.txt
```

## Usage:
```
usage: python3 CVE-2023-24488.py [-h] (-u URL | -f FILE) [-o OUTPUT]
Example Command: # CVE-2023-24488.py -f ip.txt -o vulip.txt 

Check vulnerability to CVE-2023-24488

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     Single URL/IP to check vulnerability
  -f FILE, --file FILE  File containing list of URLs/IPs
  -o OUTPUT, --output OUTPUT
                        Output file to save vulnerable IPs

```

Code BY:

Piyush Kumawat: <https://www.linkedin.com/in/piyush-kumawat/>

Blog: securitycipher.com