Citrix ADC VPX Release 13.0 - python not in the PATH

trustedsec / cve-2019-19781

This is a tool published for the Citrix ADC (NetScaler) vulnerability. We are only disclosing this due to others publishing the exploit code first.

Other

570 stars 127 forks source link

Closed lucyoa closed 4 years ago

lucyoa commented 4 years ago

For Citrix ADC VPX Release 13.0 python is not in the $PATH which makes payload execution failing.

$ env
HOME=/
FLEXLM_ANYHOSTNAME=1
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/netscaler
PWD=/
$ python
python: not found

It is required to change payload to use python from /var/python/bin/python.

trustedsec commented 4 years ago

Great find. I've pushed a new version that uses the full path. Thanks for sharing.