Novell GroupWise Web Access Multiple XSS

2009-05-21T00:00:00
ID SECURITYVULNS:DOC:21867
Type securityvulns
Reporter Securityvulns
Modified 2009-05-21T00:00:00

Description

 Novell GroupWise Web Access Multiple XSS

/============================================\ /~ SecureState R&D Team - leroy and sasquatch ~\ /~ Discovered: 11-24-08, 03-05-09 ~\ \~ Vendor Notified: 01-06-09, 03-05-09 ~/ \~ Vendor Publication: 05-21-09 ~/ \============================================/

/------------------------------------------------------------------------------------------------\ /~ Novell's Groupwise WebAccess login page is vulnerable to several cross-site scripting attacks. ~\ /~ ~\ < Example URL: https://www.website.com/gw/webacc > \~ ~/ \~ An attempt to deter the attack is made in that <script> tags are replaced with <!-- pt> ~/ \------------------------------------------------------------------------------------------------/

|--------------------------------------------------------------| | Vulnerable Fields: GWAP.version, User.Theme.index, User.lang | | Vulnerable Versions: 7.0.1, 7.0.3, ? | |--------------------------------------------------------------| | Vulnerable Fields: User.Lang | | Vulnerable Versions: 8.0, ? | |--------------------------------------------------------------|

|------------------------------------------------------------------------------| | Phishing via URL Redirection: | | "/><meta http-equiv="refresh" content="0; url=http://www.securestate.com" /> | |------------------------------------------------------------------------------| | JavaScript Execution Proof of Concept: | | " /><div onmouseover="alert('xss')" style="javascript:visibility:visible;"> | |------------------------------------------------------------------------------|

|--------------------------------------------------------------------------------| | Fix Info --> Technical Information Document 7003271 | | | | http://www.novell.com/support/search.do?usemicrosite=true&searchString=7003271 | |--------------------------------------------------------------------------------| | Version 7 --> 7.03 Hot Patch 2 | | Fixes vulnerable fields: GWAP.version, User.Theme, but not User.lang | |--------------------------------------------------------------------------------| | Version 8 (CVE-2009-1635) | |--------------------------------------------------------------------------------|