Description
This module exploits a memory corruption vulnerability on the Citrix NetScaler Appliance. The vulnerability exists in the SOAP handler, accessible through the web interface. A malicious SOAP requests can force the handler to connect to a malicious NetScaler config server. This malicious config server can send a specially crafted response in order to trigger a memory corruption and overwrite data in the stack, to finally execute arbitrary code with the privileges of the web server running the SOAP handler. This module has been tested successfully on the NetScaler Virtual Appliance 450010.
Module options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/freebsd/misc/citrix_netscaler_soap_bofmsf undefined(citrix_netscaler_soap_bof) > show actions ...actions...msf undefined(citrix_netscaler_soap_bof) > set ACTION < action-name >msf undefined(citrix_netscaler_soap_bof) > show options ...show and set options...msf undefined(citrix_netscaler_soap_bof) > runPrioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub