Vulnerability in Citrix Broadcast Server could result in SQL injection

Description of Problem A vulnerability has been identified in the Web-based management interface of Citrix Broadcast Server, a component of the Citrix Application Gateway, that could result in arbitrary SQL query execution. This vulnerability affects the following products: • Citrix Application...

DDIVRT-2008-16 Citrix Broadcast Server 6.0 login.asp SQL Injection --- Update for BID 32832

Title ----- DDIVRT-2008-16 Citrix Broadcast Server 6.0 login.asp SQL Injection Severity -------- High Date Discovered --------------- October 14, 2008 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Corey LeBleu and r@b13$ Vulnerability Description...

Citrix Broadcast Server login.asp页面SQL注入漏洞

BUGTRAQ ID: 32832 Citrix Broadcast Server是Citrix应用网关中的一个组件，能够以文本、图形和音频信息方式向IP电话交付诸如紧急情况、IT和天气报警等高优先级消息。 Citrix Broadcast Server的管理登录页面存在SQL注入漏洞，远程攻击者可以通过带有txtUID HTTP POST参数的恶意请求来利用这个漏洞非授权访问Web接口或从数据库获得数据。 Citrix Broadcast Server 6.0 厂商补丁： Citrix ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...