<<< Date Index >>>     <<< Thread Index >>>

DDIVRT-2008-16 Citrix Broadcast Server 6.0 login.asp SQL Injection --- Update for BID 32832



Title
-----
DDIVRT-2008-16 Citrix Broadcast Server 6.0 login.asp SQL Injection

Severity
--------
High

Date Discovered
---------------
October 14, 2008

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Corey LeBleu and r@b13$

Vulnerability Description
-------------------------
The Citrix Broadcast Server administrative login page is vulnerable to trivial 
SQL injections via the txtUID HTTP POST parameter.  An attacker could leverage 
this flaw to obtain unauthorized access to the web interface or to extract data 
from the database via blind SQL injection.   

Solution Description
--------------------
Citrix has released a patch for this flaw as described in Document ID 
CTX119315.  Digital Defense, Inc. would like that thank Citrix for quickly 
addressing this security vulnerability.  

Tested Systems / Software (with versions)
------------------------------------------
Windows 2003 with Citrix BCS 6.0 for Citrix Access Gateway.  Other versions of 
the Citrix BCS may be vulnerable. According to Citrix Document ID  CTX119315, 
the Avaya AG250 Broadcast Server 2.0 is also vulnerable to this flaw.

Vendor Contact
--------------
Citrix Systems, Inc.
www.citrix.com
secure@xxxxxxxxxx