Netscape Enterprise 3.63 Cross Site Scripting

Netscape Enterprise 3.63 suffers from a cross site scripting vulnerability in the default SnoopServlet servlet.

MD5 | 0c6b97708954b5902901fac4c063a6c2

# Exploit Title: Cross Site Scripting in default SnoopServlet servlet
Netscape Enterprise 3.63
# Date: 05-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage:
# Software Link:
# Version: Netscape Enterprise 3.63
# Tested on: all
# CVE : CVE-2018-18940
# Category: webapps

1. Description

The servlet/SnoopServlet (a servlet installed by default) in Netscape
Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the
query string. A remote unauthenticated attacker could potentially exploit
this vulnerability to supply malicious HTML or JavaScript code to a
vulnerable web application, which is then reflected back to the victim and
executed by the web browser.

2. Proof of Concept


The server response:

> Request URL:
> http://X.X.X.X/servlet/SnoopServlet
> Request information:
> Request method: GET
> Request URI: /servlet/SnoopServlet
> Request protocol: HTTP/1.1
> Servlet path: /servlet/SnoopServlet
> Path info: <none>
> Path translated: /PATHINSTALLED/netsrv2/AccessService/enterprise3.63/doc/
> Query string: PARAM=[XSS]

3. Solution:

The product is discontinued. Update to last version this product. See more


Related Posts