DDIVRT-2008-16 Citrix Broadcast Server 6.0 login.asp SQL Injection

2009.01.10
Risk: High
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Title
-----
DDIVRT-2008-16 Citrix Broadcast Server 6.0 login.asp SQL Injection

Severity
--------
High

Date Discovered
---------------
October 14, 2008

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Corey LeBleu and r@b13$

Vulnerability Description
-------------------------
The Citrix Broadcast Server administrative login page is vulnerable to trivial SQL injections via the txtUID HTTP POST parameter. An attacker could leverage this flaw to obtain unauthorized access to the web interface or to extract data from the database via blind SQL injection.

Solution Description
--------------------
Citrix has released a patch for this flaw as described in Document ID CTX119315. Digital Defense, Inc. would like to thank Citrix for quickly addressing this security vulnerability.

Tested Systems / Software (with versions)
------------------------------------------
Windows 2003 with Citrix BCS 6.0 for Citrix Access Gateway. Other versions of the Citrix BCS may be vulnerable. According to Citrix Document ID CTX119315, the Avaya AG250 Broadcast Server 2.0 is also vulnerable to this flaw.

Vendor Contact
--------------
Citrix Systems, Inc.
www.citrix.com
secure (at) citrix (dot) com

References:

http://www.securityfocus.com/bid/32832
http://www.securityfocus.com/archive/1/archive/1/499559/100/0/threaded
http://support.citrix.com/article/CTX119315
http://www.securitytracker.com/id?1021411
http://secunia.com/advisories/33127

