Left your Citrix .ICA files to public server and let the hacker in
Mr. Petko D. ‘Acrobat-Gmail’ Petkov has reported about very interesting Citrix issue:
When querying for public .ICA files (Independent Computing Architecture) you can do serious things in the remote system with this information. Opening Cmd.exe and listing the file system works etc. etc.
Report here and YouTube video of 1:28min here.
Googledork and Yahoodork(!) included, it appears there are many .mil and .gov sites. And hospitals too.
A real life example: A Finnish high school in Jyväskylä town fixed its problem in less than 20 minutes after receiving my e-mail this morning. Fine!