Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  nodelist  faq  login

If it smells it's chemistry, if it crawls it's biology, if it doesn't work it's physics.

rocksolid / Security / Someone is still using Citrix?

o Someone is still using Citrix?anon

Subject: Someone is still using Citrix?
From: anon
Organization: def5
Date: Sat, 18 Jan 2020 18:24 UTC
From: (anon)
Message-ID: <ab569d65d6a9a610f2ab22ddbd84da6a@def4>
Subject: Someone is still using Citrix?
Date: Sat, 18 Jan 2020 18:24:00+0000
Organization: def5
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
View all headers

Holy shit, a chain of fuckups:
-first, a path traversal
-then, writing to a directory containing scripts without any auth
-finally, an "undocumented feature", that allows remote code execution (so the backdoor that the technicians used for customer support, most like)

It takes a lot of effort to make something as bad as this. Burn it with fire, then scramble the ashes and scatter them into the winds.

Posted on def4

rocksolid light 0.7.2