Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Netware --> Category: infos

Netware Web Server Sample Page Source Disclosure Vulnerability Scan


Vulnerability Scan Summary
Checks for Netware Web Server Source Disclosure

Detailed Explanation for this Vulnerability Test

On a Netware Web Server, viewcode.jse allows the source code of web pages to
be viewed. As an argument, a URL is passed to sewse.nlm. The URL can be
altered and will permit files outside of the web root to be viewed.
As a result, sensitive information could be obtained from the Netware server,
such as the RCONSOLE password located in AUTOEXEC.NCF.

Example: http://target//lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/viewcode.jse+httplist+httplist/../../../../../system/autoexec.ncf


Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.