lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <200905211618.n4LGIin9020416@www5.securityfocus.com>
Date: Thu, 21 May 2009 10:18:44 -0600
From: swhite@...urestate.com
To: bugtraq@...urityfocus.com
Subject: Novell GroupWise Web Access Multiple XSS

     Novell GroupWise Web Access Multiple XSS
  /============================================\
 /~ SecureState R&D Team - leroy and sasquatch ~\
/~  Discovered: 11-24-08, 03-05-09              ~\
\~  Vendor Notified:  01-06-09, 03-05-09        ~/
 \~ Vendor Publication:  05-21-09              ~/
  \============================================/


   /------------------------------------------------------------------------------------------------\
  /~ Novell's Groupwise WebAccess login page is vulnerable to several cross-site scripting attacks. ~\
 /~                                                                                                  ~\
<    Example URL: https://www.website.com/gw/webacc                                                    >
 \~                                                                                                  ~/
  \~ An attempt to deter the attack is made in that <script> tags are replaced with <!-- pt>        ~/
   \------------------------------------------------------------------------------------------------/


|--------------------------------------------------------------|
| Vulnerable Fields: GWAP.version, User.Theme.index, User.lang |
| Vulnerable Versions: 7.0.1, 7.0.3, ?                         |
|--------------------------------------------------------------|
| Vulnerable Fields: User.Lang                                 |
| Vulnerable Versions: 8.0, ?                                  |
|--------------------------------------------------------------|


|------------------------------------------------------------------------------|
| Phishing via URL Redirection:                                                |
| "/><meta http-equiv="refresh" content="0; url=http://www.securestate.com" /> |
|------------------------------------------------------------------------------|
| JavaScript Execution Proof of Concept:                                       |
| " /><div onmouseover="alert('xss')" style="javascript:visibility:visible;">  |
|------------------------------------------------------------------------------|


|--------------------------------------------------------------------------------|
| Fix Info -->  Technical Information Document 7003271                           |
|                                                                                |
| http://www.novell.com/support/search.do?usemicrosite=true&searchString=7003271 |
|--------------------------------------------------------------------------------|
| Version 7 --> 7.03 Hot Patch 2                                                 |
| Fixes vulnerable fields: GWAP.version, User.Theme, but not User.lang           |
|--------------------------------------------------------------------------------|
| Version 8 (CVE-2009-1635)                                                      |
|--------------------------------------------------------------------------------|

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ