
DETECTION OVERVIEW

Citrix ShareFile Storage Zones Controller Exploit Attempt - CVE-2023-24489

Risk Factors

An unauthenticated attacker can exploit this vulnerability with public code to install malware on a server and gain access to sensitive files.

Kill Chain

Exploitation

Risk Score

83


Attack Background

Citrix ShareFile is a common cloud-based file-sharing application. On-premises data storage can be joined to a ShareFile account through a web server that runs the ShareFile storage zones controller application. The storage zones controller has a vulnerability in two areas: how it handles cryptographic operations when validating decrypted data, and how it sanitizes query parameter input. To exploit this vulnerability, an attacker creates a malicious HTTP request with a URI that targets the vulnerable endpoint /documentum/upload.aspx. The request also includes query parameters that contain encrypted data and a path traversal. The storage zones controller processes the malicious request and uploads a file, such as a web shell. The attacker then sends subsequent HTTP requests to run a command on the victim, read sensitive files, or upload additional files.
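The following is an added example, not code from this page or from the product it describes: a log-review sketch that flags requests to the endpoint named above when any query parameter decodes to a path traversal. The log line format, the sample lines, and the parameter names `a` and `b` are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "/documentum/upload.aspx"  # vulnerable endpoint named on this page
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")  # a ".." path segment

# Constructed sample lines: "time source method target status" (assumed format).
# Parameter names "a" and "b" are hypothetical placeholders.
SAMPLE_LOG = """\
2023-08-01T10:00:01Z 198.51.100.7 POST /documentum/upload.aspx?a=QUJD&b=..%2F..%2Ftmp%2Fx.txt 200
2023-08-01T10:00:05Z 198.51.100.7 POST /Documentum/Upload.aspx?a=QUJD&b=%252e%252e%255cx.txt 200
2023-08-01T10:02:00Z 203.0.113.9 POST /documentum/upload.aspx?a=QUJD&b=report..final 200
2023-08-01T10:03:00Z 203.0.113.9 GET /index.aspx?next=..%2Fhome 200
"""

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded traversal is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_params(target):
    """Names of query parameters carrying a '..' segment on the endpoint."""
    parts = urlsplit(target)
    path = fully_decode(parts.path).replace("\\", "/").lower().rstrip("/")
    if not path.endswith(ENDPOINT):
        return []
    return [name for name, value in parse_qsl(parts.query, keep_blank_values=True)
            if TRAVERSAL.search(fully_decode(value))]

def scan(log_text):
    """Return (source, target, parameter names) for each suspicious line."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not match the assumed format
        _, source, _, target, _ = fields
        names = traversal_params(target)
        if names:
            hits.append((source, target, names))
    return hits

if __name__ == "__main__":
    for source, target, names in scan(SAMPLE_LOG):
        print(f"{source} traversal in {names}: {target}")
```

A hit means the request matched the pattern described above, not that the upload succeeded; confirm against server-side file changes and the patch level of the storage zones controller.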

Mitigation Options

Upgrade to a fixed version

MITRE ATT&CK ID
