IBM Lotus Domino HTTP webadmin.nsf Quick Console Cross-Site Scripting Vulnerability
BID:9901
Info
| Bugtraq ID: | 9901 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 17 2004 12:00AM |
| Updated: | Mar 17 2004 12:00AM |
| Credit: | Discovery is credited to Dr_insane. |
| Vulnerable: | Lotus Domino 6.5.1 |
| Not Vulnerable: | |
Discussion
It has been reported that Lotus Domino server may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The issue is due to insufficient sanitization of user-supplied data submitted through the 'Quick Console' function of the 'webadmin.nsf' administrative interface.
IBM Lotus Domino server 6.5.1 has been reported to be prone to this issue; however, it is possible that other versions are affected as well.
Exploit / POC
The following proof of concept has been provided:
1) Go to http://www.example.com/webadmin.nsf
2) Go to the "server" tab
3) Go to "Quick console" in the left column
4) Give as "Domino command": <script>alert(document.cookie)</script>
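The missing sanitization can be seen by comparing a page that echoes the "Domino command" value unchanged with one that HTML-encodes it first. This is an added example, not code from the advisory or from IBM: the handler names, the `cmd` field name and the markup layout are assumptions, since the advisory does not describe how the Quick Console page is built.

```javascript
// Added example. renderConsole* are hypothetical handlers, not Domino code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode text for HTML element content and for quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak form: the submitted command is concatenated into the markup unchanged,
// so any tags it contains become part of the page.
function renderConsoleUnsafe(command) {
  return '<input name="cmd" value="' + command + '">' +
         '<pre>&gt; ' + command + '</pre>';
}

// Corrected form: the command is encoded at both places it is echoed, and the
// response carries a policy that refuses inline script as a second layer.
function renderConsoleSafe(command) {
  const encoded = escapeHtml(command);
  return {
    headers: {
      'Content-Type': 'text/html; charset=utf-8',
      'Content-Security-Policy': "default-src 'self'; script-src 'self'",
    },
    body: '<input name="cmd" value="' + encoded + '">' +
          '<pre>&gt; ' + encoded + '</pre>',
  };
}

// The "Domino command" value from the proof of concept on this page.
const pocCommand = '<script>alert(document.cookie)</script>';
console.log(renderConsoleUnsafe(pocCommand));    // tag reaches the browser intact
console.log(renderConsoleSafe(pocCommand).body); // tag is shown as inert text
```

Encoding at output time keeps legitimate console commands that contain quotes or ampersands usable, which input filtering alone would not.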
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us.