|
Family: Netware --> Category: infos
Netware Web Server Sample Page Source Disclosure Vulnerability Scan
Vulnerability Scan Summary Checks for Netware Web Server Source Disclosure
Detailed Explanation for this Vulnerability Test
On a Netware Web Server, viewcode.jse allows the source code of web pages to
be viewed. As an argument, a URL is passed to sewse.nlm. The URL can be
altered and will permit files outside of the web root to be viewed.
As a result, sensitive information could be obtained from the Netware server,
such as the RCONSOLE password located in AUTOEXEC.NCF.
Example: http://target//lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/viewcode.jse+httplist+httplist/../../../../../system/autoexec.ncf
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|