/claim #14092

PR Information

• Added CVE-2021-22941 (Citrix ShareFile Storage Zones Controller - Broken Access Control)
• References:
  • POC Repository (GitHub)
  • NVD Vulnerability Detail

Template validation

• Validated with a host running a vulnerable version and/or configuration (True Positive)
• Validated with a host running a patched version and/or configuration (avoid False Positive)

Additional Details

Verified template logic using a local python reproduction script that mimics endpoint behaviors, as the software is proprietary:

1. True Positive (Vulnerable): Script returns 200 OK + LocalFile GUID. Nuclei successfully matches this.

[Request]
GET /ShareFile/StorageCenter/Upload.aspx?uploadid=poc_sivani&bp=123&multipart=false HTTP/1.1
Host: localhost:8000
User-Agent: Mozilla/5.0 (SS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[Response]
HTTP/1.0 200 OK
Connection: close
Content-Type: text/plain
Server: BaseHTTP/0.6 Python/3.12.1

LocalFile: 00000000-0000-0000-0000-000000000000 

2. False Positive Check (Patched): Script returns 403 Forbidden. Nuclei correctly fails to match (no vulnerability reported).

[Request]
GET /ShareFile/StorageCenter/Upload.aspx?uploadid=poc_sivani&bp=123&multipart=false HTTP/1.1
Host: localhost:8000
User-Agent: Mozilla/5.0 (SS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[Response]
HTTP/1.0 403 Forbidden
Connection: close
Content-Type: text/plain
Server: BaseHTTP/0.6 Python/3.12.1

Access Denied: Authentication Required

Additional References:

• Nuclei Template Creation Guideline
• Nuclei Template Matcher Guideline
• Nuclei Template Contribution Guideline
• PD-Community Discord server