Comments on: 0day: Hacking secured CITRIX from outside

By: DH

DH — Wed, 14 May 2008 10:37:27 +0000

Here is the fix, nice job PDP :-D

XenApp 4.5
http://support.citrix.com/article/CTX116954

By: Kaustubh Kumar

Kaustubh Kumar — Thu, 20 Mar 2008 23:15:33 +0000

Hi All,
I need help in hacking citrix which can allow me to open websites in the citrix metaframe.

By: Security Researcher Warns About Citrix Vulnerability

Security Researcher Warns About Citrix Vulnerability — Tue, 20 Nov 2007 06:58:10 +0000

[...] “cutting-edge think tank” and a “creative hacker organization,” has «www.gnucitizen.org» about a cross-site request forgery attack that can be made in conjunction with a malicious [...]

By: pdp

pdp — Fri, 26 Oct 2007 06:28:54 +0000

Noob I haven’t tested that but it should work in theory.

By: Noob

Noob — Thu, 25 Oct 2007 20:33:48 +0000

Question:

If the user does not have pass through enabled, but does have stored credentials in the client- (username, password, domain) – will the attack still work?

By: hackathology

hackathology — Mon, 22 Oct 2007 17:10:19 +0000

i found out the clue

By: hackathology

hackathology — Mon, 22 Oct 2007 17:09:42 +0000

got it pdp. I found it

By: pdp

pdp — Mon, 22 Oct 2007 13:54:57 +0000

hackathology, nope, it is different. you should be able to figure it out though.

By: Major Fukup

Major Fukup — Mon, 22 Oct 2007 11:50:56 +0000

One of the reasons why you should always give users on these systems minimum rights.
Does it require a published desktop?
Which virtual channels do you use?

Regards M.F.

By: hackathology

hackathology — Mon, 22 Oct 2007 10:20:14 +0000

Is this the same vulnerability found here?

http://support.citrix.com/article/CTX112589

By: pdp

pdp — Fri, 12 Oct 2007 08:40:42 +0000

Folk, apparently CITRIX has removed the YouTube videos due to some copyright violation. This is strange and the same time not the right way to handle security advisories. Still haven’t got any response from them around the issue and I seriously doubt that this will ever happen. However, I am going to keep the POC private for now and give them a chance to react on the in sensible way.

By: wekrid

wekrid — Fri, 12 Oct 2007 07:47:46 +0000

will this hack also work with csg and cags?

By: pdp

pdp — Thu, 11 Oct 2007 18:40:27 +0000

no user interaction is required!

By: lol

lol — Thu, 11 Oct 2007 18:14:58 +0000

it just seems to be the category clickmyexecutableiwonthurt “exploit”. unfortunately we can’t patch users.

By: pdp

pdp — Thu, 11 Oct 2007 11:22:57 +0000

hellboy726, interesting site you have there! reminds me of 1998… but I like it.

By: hellboy726

hellboy726 — Thu, 11 Oct 2007 11:15:53 +0000

Nice!

By: pdp

pdp — Thu, 11 Oct 2007 11:00:15 +0000

rootkid, there is nothing on the horizon for me in europe for the rest of this year. feel free to contact me through!

By: rootkid

rootkid — Thu, 11 Oct 2007 10:49:21 +0000

Oh bummer. Man, I was investigating the same stuff (citrix that is) at the moment, and somehow you are always a leap ahead. I hate that…:) Anyhow, good work as always. I would really like to have a chat with you someday if you happen to be around (any con you are on this year in europe?). Probably we can share ideas, if you like.
Cheers.

By: zeridon

zeridon — Thu, 11 Oct 2007 07:10:46 +0000

Looks nice,

and also i see a storm brewing … smth. like the 0day pdf.

By: vindic

vindic — Thu, 11 Oct 2007 00:25:04 +0000

Yes, very nice, thnx for good work ;)