Left your Citrix .ICA files on a public server and let the hacker in

Mr. Petko D. ‘Acrobat-Gmail’ Petkov has reported a very interesting Citrix issue:

When you can retrieve public .ICA (Independent Computing Architecture) files, the connection details they contain let you do serious things on the remote system: opening Cmd.exe and listing the file system works, among other things.

The report is here and a 1:28 min YouTube video is here.
A Googledork and a Yahoodork(!) are included; it appears there are many .mil and .gov sites, and hospitals too.
A real-life example: a Finnish high school in the town of Jyväskylä fixed its problem in less than 20 minutes after receiving my e-mail this morning. Fine!

  • Donnerjack

    If you go to his website you’ll find he was somewhat misleading about what he found.

    The sites he was able to abuse were unsecured, meaning the firewall and Citrix admins at those locations had not followed the instructions when setting up a Citrix portal. Internal ports were open on the external firewalls, such as 1494, which should never be open to the public.

    What he REALLY found was lazy and ignorant technicians who don’t have a clue.

    The Citrix community has confirmed beyond doubt that using just the basic SSL Secure Gateway configurations in the manual will prevent this type of abuse. I’m not even mentioning the fact that most of the sites he found were on extremely old versions of the Citrix web piece.
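As an added defender-side example, not code from the post or from Donnerjack: a small Python audit of an .ICA file that flags the two things the post and the comment turn on, embedded credentials and a direct ICA address with no SSL Secure Gateway in the path. Both sample files are constructed, and the key names checked (Address, Username, Domain, Password, ClearPassword, SSLEnable, SSLProxyHost) are assumed from common ICA files rather than taken from the page.

```python
import configparser
from typing import Dict, List

# Constructed sample (not from the post): the kind of .ICA file the post
# describes, with a direct internal address and embedded credentials.
EXPOSED_ICA = """[WFClient]
Version=2
[ApplicationServers]
Desktop=
[Desktop]
Address=10.0.0.25:1494
InitialProgram=#Desktop
Username=student
Domain=SCHOOL
ClearPassword=Summer2007
"""

# Constructed hardened counterpart: no credentials, session relayed through
# an SSL Secure Gateway (key names SSLEnable/SSLProxyHost are assumed).
GATEWAY_ICA = """[WFClient]
Version=2
[ApplicationServers]
Desktop=
[Desktop]
Address=10.0.0.25:1494
SSLEnable=On
SSLProxyHost=gateway.example.org:443
"""

# Fields that hand a ready-made session to whoever downloads the file.
CREDENTIAL_KEYS = {"username", "domain", "password", "clearpassword"}

def audit_ica(text: str) -> List[str]:
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep the file's own key case; compare lowercased below
    cp.read_string(text)
    findings: List[str] = []
    if not cp.has_section("ApplicationServers"):
        return ["no [ApplicationServers] section: not a usable .ICA file"]
    for app in cp["ApplicationServers"]:  # each entry names a per-app section
        if not cp.has_section(app):
            continue
        keys: Dict[str, str] = {k.lower(): v for k, v in cp[app].items()}
        for k in sorted(CREDENTIAL_KEYS & set(keys)):
            findings.append(f"{app}: embedded credential field {k}")
        addr = keys.get("address", "")
        if addr and keys.get("sslenable", "").lower() != "on":
            findings.append(f"{app}: direct ICA address {addr} with no Secure Gateway (SSLEnable is not On)")
    return findings
```

Run it over every .ICA file a web server can hand out; an empty result, as for the gateway sample, is the configuration the commenter describes.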