Debugging Using XmlServiceExplorer - Part 3
Published on 31 Jul 2008Tags #Free Tool #HTTP #Presentation Server / XenApp #Web Interface #XML service #XmlServiceExplorer
In the last part of this tutorial about the XmlServiceExplorer, I introduced requesting useful information from the farm as well as resolving addresses.
Now, I’d like to demonstrate how chatty the XML service is when it comes to applications and their configuration. Some pieces of information are required for Web Interface to operate while others can be regarded as compromising.
Enumerating Applications
For obvious reasons, the XML service is able to present a list of published applications for a specific user. By selecting the AppData
tab and providing valid credentials, the resulting response (see the following screen shot) contains an AppDataSet
tag enclosing a number of AppData
tags describing each published application.
In addition to this very valid reason for enumerating applications, the XML service readily provides a list of ALL published applications regardless of their permissions. Simply reuse the previous request and choose to send no credentials. The following screen shot shows the resulting list of applications including those not published for the user specified in the last request.
Exploring Application Settings
After a user has authenticated with Web Interface, a list of application configuration details is retrieved from the XML service to be cached and used for building web pages and launching applications. Using the AppName
field for the name of the application and the DesiredDetails
drop-down list for the level of details, the XML service discloses a large amount of configuration details. The following screen shot lists all details for the published application Notepad
.
While exploring the DesiredDetails
drop-down list you will sooner or later try out the access-list
value. To my distress, the XML service does not require any authentication before returning this information. The last screen shot shows such a case: anyone with network access to my XML service is able to retrieve the full list of permissions for any application.
References
Talking to the XML Service (Update)
Debugging Using XmlServiceExplorer - Part 1
Debugging Using XmlServiceExplorer - Part 2
All articles about the XmlServiceExplorer